Lab 05 ‐ ADDS - Isaiah-River/SYS-255-02-SYSAdmin GitHub Wiki

For today's lab we worked on setting up group policies, and familiarizing ourselves with organizational units. We started by going into active directory users and computers. After this I went into my isaiah.local domain and right click created a new organizational unit name "SYS255." Under this newly created OU, I made three more OUs, Accounts, Computers, and Groups. I then created three users, bob, alice, and charlie under the accounts OU.

I then drag and dropped my wks01 computer to the newly created Computers OU. After this under the Groups OU I made a new global security group with the name "custom-desktop" and double clicked it and went to members to add the users bob and alice.

I then opened up Group Policy Management, and navigated to my SYS255 OU and created a new group policy object and called it sys255-desktop. After creating this I double clicked it to create a security filter to restrict users from applying or reading the group policy. I started by adding my recently created "custom-desktop" group and removing the authenticated users from the security filter, and adding Domain Computers.

I then went to the delegations tab and set it so Domain Computers could not apply group policy.

I then right clicked > edited my sys255-desktop group policy. I then navigated under user configuration and found Remove Recycle Bin icon from desktop.

I then double clicked this and enabled it.

After this I logged onto my wks01 VM with my newly created alice account. I was greeted by a desktop without a recycling bin and used the command gpresult /r to view my group policies and grabbed a screenshot.

After this I created a computer policy to disable the previously logged on users feature. I started by going into Group Policy Management and creating a GPO under my SYS255 > Computers OU. Similar to before I set the security filtering to Domain Computers, and removed authenticated users. I then went under computer configurations to find "Do not display last user name."

I then made sure to enable this policy.

After this I started an elevated command prompt on wks01 and used the commands gpupdate /force and then gpresult /scope computer /r. The first command updated the group policies, and the second one showed the applied group polices.

For the end of the lab I created a detailed plan for finishing my assessment on Tuesday in a timely manner. I started by creating a bookmark folder with links to all my assignments and tech journals split into five parts. After this I created the following diagram to lay out my various parts I have to complete for each part of my lab.