6
ask Summary
Actions you were required to perform
Configure the Allow log on locally user right in the Default Domain Policy GPO
Hide Details
Add Administrators
Add Backup Operators
Add Power Users
Add Users
Do not add any additional groups
Create and link the Server Logons GPO
Hide Details
Hide Details
Hide
Add administrators
Do not add any additional groups
Explanation
To edit user rights, browse to Computer Configuration\Policies\Windows Settings\Security
Settings\Local Policies\User Rights Assignment. When adding users or groups, be aware of
the following:
To add a local user or group, simply type the name of the group you want to add.
To add a domain user or group, include the domain name in the object name (for
example: mydomain\Sales).
Following are steps that an expert might take to perform the tasks in this lab.
9.
10.
11.
Scoring
Your Score: 0 of 4
Elapsed Time: 11 minutes 1 second
6.2.8
Task Summary
Actions you were required to perform
Create, link, and configure the SecureWS GPO
Hide Details
Hide Details
Hide Details
Hide Details
Explanation
To configure restricted groups, browse to Computer Configuration\Policies\Windows
Settings\Security Settings\Restricted Groups. When adding users or groups, be aware of the
following:
To add a local user or group, simply type the name of the group you want to add.
To add a domain user or group, include the domain name in the object name (for
example: mydomain\Sales).
Following are steps that an expert might take to perform the tasks in this lab.
6. Enter the group name in the Group text box. Note: Typing the group name will match a
local group. Depending on the computer you are on, you might not be able to browse and
select the local group that you want.
7. Click OK.
8. To add members to the restricted group, click the Add... button.
9. Type the name of the user or group that will be a member of the restricted group. Note: If
the user or group is a domain account, include the domain in the name (for example:
mydomain\Sales). Alternatively, you can click the Browse... button to add domain users
and groups.
10. Click OK.
Scoring
Your Score: 0 of 4
Elapsed Time: 6 minutes
Task Summary
Actions you were required to perform
Create, link, and configure the SecureWS GPO
Hide Details
Hide Details
Hide Details
Hide Details
Explanation
To configure restricted groups, browse to Computer Configuration\Policies\Windows
Settings\Security Settings\Restricted Groups. When adding users or groups, be aware of the
following:
To add a local user or group, simply type the name of the group you want to add.
To add a domain user or group, include the domain name in the object name (for
example: mydomain\Sales).
Following are steps that an expert might take to perform the tasks in this lab.
7.
8.
9.
10.
Scoring
Your Score: 3 of 4
Elapsed Time: 10 minutes 33 seconds
6.2.7
Task Summary
Actions you were required to perform
Edit the Default Domain Policy security options
Hide Details
Hide Details
Explanation
Security Options control actions that can be taken on a computer. Edit Security Options by
browsing to:
Computer Configuration\Policies\Windows Settings\Security Settings\Local
Policies\Security Options
To complete this lab, configure the following settings in the corresponding GPO:
Group Policy
Object
Default Domain
Policy
ShippingGPO
Policy
Setting
Disabled
skycaptain
Enabled
Disabled
Enabled
Enabled
Enabled
Disabled
In addition, disable the User Configuration portion of the ShippingGPO group policy object.
Following are steps that an expert might take to perform the tasks in this lab.
1.
2.
3.
4.
5.
6.
7.
8.
9.
Scoring
Your Score: 0 of 3
Elapsed Time: 5 minutes 8 seconds
6.2.9
Task Summary
Actions you were required to perform
Unlink the SecureWS GPO from the domain
Link the SecureWS GPO to the Accounting OU
Link the SecureWS GPO to the Development OU
Link the SecureWS GPO to the Marketing OU
Link the SecureWS GPO to the Research OU
Link the SecureWS GPO to the Sales OU
Link the SecureWS GPO to the Shipping OU
Explanation
Following are steps that an expert might take to perform the tasks in this lab.
Scoring
Your Score: 0 of 7
Elapsed Time: 7 minutes 51 seconds
6.3.7
Task Summary
Actions you were required to perform
Add the Domain Controllers group to the ACL for the GPO
Deny the Read permission
Deny the Apply Group Policy permission
Explanation
To prevent a GPO from applying to specific users or computers, you can edit the permissions for
the GPO. Deny the Read and Apply group policy permissions.
Following are steps that an expert might take to perform the tasks in this lab.
Scoring
Your Score: 0 of 3
Elapsed Time: 24 minutes 34 seconds
6.6.3
Task Summary
Actions you were required to perform
Set the minimum password length to 10
Enforce password complexity
Set the maximum password age to 90
Set the minimum password age to 14
Enforce password history to remember 10 passwords
Set the account lockout threshold to 5
Set the reset account lockout counter after policy to 10
Set the account lockout duration to 60
Explanation
Account policies are set in a GPO linked to the domain. In this scenario, edit the Default Domain
Policy and configure the following settings:
Policy
Password Policy
Account Lockout
Policy
Security setting
Value
10 characters
Enabled
90 days
14 days
10 passwords
remembered
5 incorrect passwords
10 minutes
60 minutes
Following are steps that an expert might take to perform the tasks in this lab.
Scoring
Your Score: 7 of 8
Elapsed Time: 6 minutes 36 seconds
6.6.4
Task Summary
Actions you were required to perform
Set the account lockout threshold to 3
Set the reset account lockout counter after value to 30
Set the account duration to 0
Explanation
To meet the requirements of this lab, edit the Default Domain Policy and modify the following
policy settings:
Following are steps that an expert might take to perform the tasks in this lab.
Scoring
Your Score: 2 of 3
Elapsed Time: 1 minute 50 seconds