NTC 324 Week 5LAB 17 CONFIGURING SECURITY POLICIES THIS LAB CONTAINS THE FOLLOWING EXERCISES AND ACTIVITIES: Exercise 17.1 Lab Challenge Exercise 17.2 Lab Challenge Configuring Security Policies Assigning User Rights Configuring Audit Policies Viewing Auditing Data Exercise 17.1 Configuring Security Policies Overview In this exercise, you examine the default Security Policy settings for your domain and then create a GPO containing new and revised settings. Mindset How can you control access to your network computers using security policies? Completion time 15 minutes Question 1 How can you tell which of the policies in the Security Options folder have changed settings in the Default Domain Policy GPO? By selecting the Default Domain Policy GPO in the Group Policy Management console and clicking the Settings tab and the Show All link, the policies configured in the GPO appear with their settings. 4. Press Alt+Prt Scr to take a screen shot showing the existing Security Options settings in the Default Domain Policy GPO. Press Ctrl+V to paste the image on the page provided in the Lab 17 worksheet file. [ ] Question 2 Why is it necessary for the Revised Options GPO to appear first in the list? The Revised Options GPO must be first in the list so that its settings will take precedence over those in the Default Domain Policy GPO. If this was not the case, then the Network Security: Force logoff when logon hours expire policy would retain its original, disabled value, instead of being enabled. Lab Challenge Assigning User Rights Overview In this exercise, you add a selection of user rights assignments to the ones that already exist. Completion time 15 minutes Your organization has created a new job role called the director, and your job is to provide the new directors with the domain controller user rights they need to perform their jobs. The Directors group has already been created in the adatum.com domain. To complete this challenge, you must grant the Directors group the following user rights to all the domain controllers on the network, without interfering with any of the existing rights. • Deny logon locally • Add workstations to domain • Force shutdown from a remote system • Enable computer and user accounts to be trusted for delegation • Manage auditing and security log • Shut down the system Write out the basic steps you have to perform to accomplish the challenge and then take a screen shot showing the user rights you configured and press Ctrl+V to paste the image on the page provided in the Lab 17 worksheet file. 1. From the Tools menu, select Group Policy Management. The GPM console appears 2. Expand the forest container and browse to the domain. Then expand the domain container and select the Group Policy Objects folder. The GPOs that currently exist in the domain appear in the Contents tab 3. Right-click the Default Domain Policy GPO and click Edit. A Group Policy Management Editor window for this policy appears. 4. Browse to the Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies node and select User Rights Assignment. The user rights assignment settings appear in the right pane. 5. Double-click “Deny Log on locally†setting and select the Define this Policy Setting check box 6. Click Add User or Group. In the next window, click Browse 7. When the next window appears, in the “Enter the object names to select†text box, type “Directors†and then click Check names 8. Click OK, then OK, then OK. The name of the group (Adatun\Directors) appears in the Deny Log on locally†Properties page. 9. Repeat steps 5 through 8 for the for the following 5 user rights assignments settings: • Add workstations to domain • Force shutdown from a remote system • Enable computer and user accounts to be trusted for delegation • Manage auditing and security log • Shut down the system Exercise 17.2 Configuring Audit Policies Overview In this exercise, you configure the auditing policies to monitor account logons and access to specific objects. Mindset How can you use the auditing capabilities in Windows Server 2012 to increase the security of your network without overwhelming yourself with data? Completion time 20 minutes Question 3 Why, in this case, is the auditing of event failures more useful than the auditing of successes? When auditing logon events, success is the normal result. A long string of successes indicates that everything is proceeding correctly. A string of logon failures, however, could indicate that someone is attempting to penetrate security by guessing passwords. Auditing failures is, therefore, a more critical indication of trouble. 9. Press Alt+Prt Scr to take a screen shot showing the policies you configured. Press Ctrl+V to paste the image on the page provided in the Lab 17 worksheet file. Question 4 Why is it prudent to limit the event log size when using auditing. Some types of auditing can generate a large amount of event log data, and limiting the maximum size of the log can prevent the system from being overwhelmed. Lab Challenge Viewing Auditing Data Overview To complete this exercise, you must demonstrate that your SVR-MBR-B computer is actually gathering the auditing data you configured its policies to gather. Mindset How do you display auditing data? Completion time 10 minutes To complete this challenge, display the auditing data you configured your server to gather in Exercise 17.2. Press Alt+Prt Scr to take a screen shot showing a sample of the data you gathered. Press Ctrl+V to paste the image on the page provided in the Lab 17 worksheet file.
Question Attachments
1 attachments —