Objectives

Configure Account Policies

Configure Audit Policies

Enable Disk Quotas

Requirements

Active Directory Installed on the odd numbers computer

The second server installed as a member server. Configuration Summary

Textbook Reference Role Domain

RWDCxx (Odd-numbered computers) Domain Controller (DC) lastname.local

RWDCyy (Even-numbered computers) Member Server lastname.local

SCDCxx (Server Core Installation) Domain Controller (DC) lastname.local

NOTE: RWDCzz Means perform these steps on the parent and child Procedure Complete Project 8-1, as described. Include a screenshot after part A step 6 The following screenshots are related to project 8.1-Part-A. At first I am logged on as default Administrator on my domain controller with domain soi.local.

COMP2017 Server Administration

Unit #8: Managing Users and Computers with GPO

Name:____Aryan_Soi__________________

I have created an OU named as Marketing:

A GPO named as PwdPoll was created and linked to the OU Marketing and Password Policy – Minimum Password Length was defined.

Supply Answer to question 1, 2 in lab manual on page 138. Include screen shot after part B step 1 Answer question 5, 6 on page 139. The following screenshot(relevant to project 8.1-Part-B) clearly illustrates setting of Account Lockout Threshold policy in the PwdPoll GPO linked to the OU Marketing in my domain so.local.

Complete Project 8-2, as described. Include a screenshot demonstrating the configured audit policies and event created. The following screenshot relevant to Project-8.2 illustrates logged on as user Administrator and I have also created a folder called ConfidentialFiles in the C-drive root:

I am selected “Everyone” group in my domain soi.local.

The following screenshot clearly indicates configuration of type of Auditing for the folder ConfidentialFiles:

A GPO called Audit1 was created and linked to the OU Domain Controllers in domain soi.local and in this GPO, the Audit Policy – Audit Object Access was configured as shown below:

To test the configured audit policies, users – Lab8User1 and Lab8User2 were created and I logged on with these users in my domain controller with domain soi.local and I accessed the files in the folder ConfidentialFiles in the C-drive root. The following screenshots illustrates the events created:

******************************

Review Questions

1) When you create a GPO to implement a new password policy, where must you link the GPO to have the policy affect Active Directory domain accounts?

Ans: By creating and linking a GPO to implement a new password policy at

the domain-level, all Active Directory domain accounts will be affected. All

OUs that do not have the Block Inheritance setting enabled will inherit the

new password policy as well.

2) What does the Reset Account Lockout Counter After setting do? Ans. The ‘Reset Account Lockout Counter After’ setting resets the counter which has locked the user account after certain number of failed logon attempts. The reset is done after the number of minutes (as defined in this setting) elapsed.

Evaluation (10 Marks) Completion of Projects 8M Questions 2M