1. LHG Inc. is a Dubai-based company providing luxury furniture items to customers around the globe through its retail stores chain and online portal. For providing round-the-clock services, the IT department has designated the LON-CL1 machine for general use by customers of the company. The customers can access details about their purchases, orders, and new products of the company. Recently, the management has expressed its concern over the security of the information stored in machines that are used for general purposes, such as LON-CL1. Eric, the Desktop Administrator, has been asked to ensure that the information in these machines is secure. To secure LON-CL1, Eric has identified the following tasks: The LON-CL1 machine should be easily accessible to customers. For this, the machine is kept in the reception area. As a result, the customers can gain access to domain resources. This can result in breach of some confidential company data. To prevent this unauthorized access to domain resources through LON-CL1, the machine should be in the Customer workgroup. Eric needs to manage this machine through a local administrator account. This local administrator account should have a different name that should not be guessed easily. Further, the guest account should also have a different name to enhance the security of the machine. In case a user enters wrong password three times, the machine should be locked for 20 minutes. The password of the local administrator account should not be less than five characters. How can Eric configure these settings? Experiment To accomplish the assigned task, Eric needs to perform the following tasks: Add the 20687B-LON-CL1 machine to the Customer workgroup. Configure GPO settings. Test GPO settings. Unlock the Admin account.

Task 1. Adding the 20687B-LON-CL1 Machine to the customer workgrou
to add the 20687B-LON-CL1 virtual machine to the customer workgroup. you need to perfrom the following steps:
1. Ensure that the Start screen is displayed.
2. Type system information.
3. select the system otion in the search pane.
4. click the system in the setting pane. the system window is displayed.
5. click the change setting link in the right pane. the system properties dialog box is displayed.
6. click the change button. the computer name/Domain change dialog box is displayed.
7. select the workgroup option in the Member of section.
8. type CUSTOMER in the Workgroup text box.
9. click the ok button. the computer name/Domain change dialog box is displayed.
10. click the ok button. After a few moments, the computer name/domain change message box is displayed with the message. Welcome to the CUSTOMER workgroup.
11. click the ok button twice.
12. click the clse button. the Microsoft windows dialog box is displayed.
13. click the restart now button. After a few moments, the lock screen is displayed.
14. Press the space bar.
15. click the Admin icon.
16. type Pa$$w0rd in the password text box.
17. press the enter key. the start screen is displayed.

Task 2. Configuring GPO setting.
to configure GPO setting in the 20687B-LON-CL1 virtual machine. you need to perfrom the following steps:
1. press the windows+C keys. the charms bar is displayed.
2. click search. the search charm is dislayed.
3. type mmc.exe in the apps text box. and then press the enter key. the user Account control dialog box is displayed.
4. click the yes button. the MMC window is displayed.
5. Maximiza the MMC window.
6. select the File--Add/Remove snap-in option from the menu bar. the Add or Remove snap-ins dialog box is displayed.
7. Select the Group policy object Editor option under the Snap-in column in the Available snop-ins list box.
8. Click the add button. the select Group policy object wizard is displayed.
9. click the Finish button. After a few moments, the Local computer policy option is displayed in the selected snap-ins list box.
10. click the ok button. the MMC window is displayed.
11. expand the local computer policy--computer configuration--windows settings--security setting--Account policies nodes.
12. select the password policy folder in the left pane.
13. Double-click the Minimum password lingth policy in the right pane. the Minimum password length properties dialog box is displayed.
14. type 5 in the password required spin box.
15. click the ok button.
16. select the Account Lockout policy folder in the left pane.
17. Double-click the Account lockout threshold policy in the middle pane. the Account lockout threshold propertie dialog box is displayed.
18. type 2 in the Account will not lock out spin box.
19. click the ok button. the suggested value changes dialog box diplayed.
20. click the ok button.
21. Double-click the Account lickout duration policy. the Account lockout duration properties dialog box is dislayed.
22. Type 20 in the Account is locked out for spin box.
23. click the ok button. the suggested value changes dislog box is displayed.
24. click the ok button.
25. Expand the local policies node under the security setting node in the lift pane.
26. select the security options folder in the left pane.
27. Double-click the Account: Adminstrator account status policy in the right pane. the Account: Administrator account status properties dialog box is displayed.
28. select the Enabled option.
29. click the ok button.
30. Double-click the Accounts: adiministrator account policy in the right pane. the Account: Rename administrator account properties dialog box is diplayed.
31. type secureadmin in the Account: Rename administrator account text box.
32. click the ok button.
33. Double-click the Account: Guest account status policy in the right pane. the Account: Guest account status properties dialog box is displayed.
34. select the Enabled option.
35. click the ok button.
36. Double-click the Accounts: Rename guest account policy in the right pane. the Account: Rename guest account properties dialog box is displayed.
37. type limiteduser in the Account: Rename guest account text box.
38. click the ok buttn.
39. clse the MMC window without saving any changes.

Task 3. Testing GPO settings
to test GPO setting in the 20687B-LON-CL1 virtual machine, you need to perform the following steps:
1. Open the command prompt window.
2. Type the gpupdate/ force command, and then press the Enter key. After a few moments, computer and user policies are udated successfully.
3. close the command prompt window.
4. press the windows_I keys. the setting the 20687B-LON-CL1 virtual machine is restarted. After a few moments, the lock screen is displayed.
5. click power, and then select restart, the lock screen is displayed.
6. Press the space bar. the Admin logn screen is displayed.
7. type Pa$$w0rd in the password text box.
8. press the enter key. After a few moments, the start screen is displayed.
9. click the admin tile. you will notice the Secureadmin and limiteduser accounts are displayed.
10. click the Secureadmin tile.
11. type Pa$$w0rd in the password text box, and then press the enter key.
12. click the secureadmin tile.
13. select the sign out option. the lock screen is displayed.
14. prees the space bar.
15. click the admin icon.
16. type Pa$$w0rd in the password text box, and then press the enter key.
17. Press the the ctrl+Alt_End keys.
18. select the change a password option. the change a password screen is displayed.
19. type Pa$$w0rd in the Old password text box.
20. type abcd in the new password and confirm password text boxes.
21. press the Enter key. the Change a password screen is displayed. you will notice that the password is not updated due to length requirements.
22. click the ok button. the change a password screen is dislayed.
23. type Pa$$w0rd in the Password text box.
24. type abcde in the new password and confirm password text boxes.
25. press the enter key. the change a password acreen is displayed. you will notice that the password is changed.
26. click the ok button. the start screen is displayed.
27. click the Admin tile.
28. select the sign out option. the lock screen is displayed.
29. press the space bar.
30. select the admin icon. the login screen is displayed.
31. type abcdr in the password rext box.
32. press the enter key. the password is incorrect message is displayed.
33. click the ok button.
34. type abcde in the password text box.
35. press enter key. the password is incorrect message is displayed.
36. click the ok button.
37. type abcde in the password text box, and then press the enter key. the refernced account is locked message is displayed.
38. click the ok button.

Task 4. Unlocking the Admin Account
to unlock the Admin account in the 20687B-LON-CL1 virtual machine. you need to perform the following steps:
1. click the switch user button.
2. click the Secureadmain icon.
3. type Pa$$w0rd in the Password text box.
4. press the Enter key. the Start screen is displayed.
5. type computer. the computer tile is displayed in the Apps screen.
6. Right-click the computer tile, and then select the Manage option in the bottom bar.The computer Management windiw is displayed.
7. Expand the Local Users and Groups node under the system Tools node in the left pane.
8. select the users folder. the user in the middle pane.
9. Right-click the Admin user in the middle pane.
10. select theproperties option. the Admin properties dialog box is displayed.
11. clear the Accont is locked out check box.
12. click the ok button.
13. close the computer Management window.
14. press the Windows key. the Start screen is displayed.
15. select the secureadmin tile.
16. select the sign out option. the lock screen is displayed.
17. press the space bar.
18. click the admin icon.
19. type abcde in the password text box, and then press the Enter key. After a few moments. the Start screen is displayed.
20. sign out and revert the 20687B-LON-CL1 and 20687B-LON-CL1 virtual machines.