Create multiple local GPOs.
Apply the local GPOs.
Although you typically configure most security and other settings by using domain-based GPOs, you
decide that for these laptop computers, implementing local GPOs would achieve Holly’s goal of securing
these roaming computers. You decide to implement multiple local GPOs to ensure that administrator and
standard user accounts can have different settings:
• The default computer policy will be configured to display a warning dialog box.
• The non-administrators policy will be configured with certain security restrictions.
• The administrators policy will not be configured with the same security restrictions.
The main tasks for this exercise are as follows:
1. Create a management console for multiple local Group Policies.
2. Configure the local computer settings.
3. Configure Non-Administrators security settings.
Task 1: Create a management console for multiple local Group Policies
1. Log on to LON-CL1 as administrator, and open the Microsoft Management Console.
2. Add the following snap-ins to the console:
o Group Policy Object Editor: Local Computer
o Group Policy Object Editor: Administrators
o Group Policy Object Editor: Non-Administrators
3. Save the console to the Desktop with the name Multiple Local Group Policy Editor.
Task 2: Configure the local computer settings
1. Create a logon script in the Local Computer Policy.
2. Add the following text to the script file: msgbox “Warning. You are not connected to the A
Datum Domain”.
3. Save the script file as RoamingScript.vbs.
4. Change Save as type: to All Files, and then click Save.
Task 3: Configure Non-Administrators security settings
1. Select the Non-Administrators Policy, and navigate to User Configuration > Administrative
Tools > Control Panel.
2. Enable the Prohibit access to Control Panel and PC settings setting.
After this exercise, you should have successfully created and configured multiple local GPOs.
Task 2. Testing the Application of the Local GPOs
You must now log on to test the application of local GPOs.
The main tasks for this exercise are as follows:
1. Log on as a standard user to test the policies.
2. Log on as administrator to test the policies.
Task 1: Log on as a standard user to test the policies
1. Log off from LON-CL1.
2. Log on as Adatum\Holly with the password Pa$$w0rd, and then verify that the logon script runs on
the desktop.
3. Attempt to open Control Panel.
Task 2: Log on as administrator to test the policies
1. Log on as Adatum\Administrator with the password Pa$$w0rd, and then verify that the logon
script runs on the desktop.
2. Attempt to open Control Panel.
3. Log off of LON-CL1.
After this exercise, you should have implemented and test multiple local GPOs successfully.
=To prepare for the next lab
• When you are finished the lab, leave the virtual machines running as they are needed for the next lab.
Apply the local GPOs.
Although you typically configure most security and other settings by using domain-based GPOs, you
decide that for these laptop computers, implementing local GPOs would achieve Holly’s goal of securing
these roaming computers. You decide to implement multiple local GPOs to ensure that administrator and
standard user accounts can have different settings:
• The default computer policy will be configured to display a warning dialog box.
• The non-administrators policy will be configured with certain security restrictions.
• The administrators policy will not be configured with the same security restrictions.
The main tasks for this exercise are as follows:
1. Create a management console for multiple local Group Policies.
2. Configure the local computer settings.
3. Configure Non-Administrators security settings.
Task 1: Create a management console for multiple local Group Policies
1. Log on to LON-CL1 as administrator, and open the Microsoft Management Console.
2. Add the following snap-ins to the console:
o Group Policy Object Editor: Local Computer
o Group Policy Object Editor: Administrators
o Group Policy Object Editor: Non-Administrators
3. Save the console to the Desktop with the name Multiple Local Group Policy Editor.
Task 2: Configure the local computer settings
1. Create a logon script in the Local Computer Policy.
2. Add the following text to the script file: msgbox “Warning. You are not connected to the A
Datum Domain”.
3. Save the script file as RoamingScript.vbs.
4. Change Save as type: to All Files, and then click Save.
Task 3: Configure Non-Administrators security settings
1. Select the Non-Administrators Policy, and navigate to User Configuration > Administrative
Tools > Control Panel.
2. Enable the Prohibit access to Control Panel and PC settings setting.
After this exercise, you should have successfully created and configured multiple local GPOs.
Task 2. Testing the Application of the Local GPOs
You must now log on to test the application of local GPOs.
The main tasks for this exercise are as follows:
1. Log on as a standard user to test the policies.
2. Log on as administrator to test the policies.
Task 1: Log on as a standard user to test the policies
1. Log off from LON-CL1.
2. Log on as Adatum\Holly with the password Pa$$w0rd, and then verify that the logon script runs on
the desktop.
3. Attempt to open Control Panel.
Task 2: Log on as administrator to test the policies
1. Log on as Adatum\Administrator with the password Pa$$w0rd, and then verify that the logon
script runs on the desktop.
2. Attempt to open Control Panel.
3. Log off of LON-CL1.
After this exercise, you should have implemented and test multiple local GPOs successfully.
=To prepare for the next lab
• When you are finished the lab, leave the virtual machines running as they are needed for the next lab.
No comments:
Post a Comment