Lab05 Setup - jacob-dinapoli/tech-journal GitHub Wiki

  • First Step: OU Structure Creation
    • Log into the ad01 vm
    • Open up Active Directory Users and Computers
      • Located within the Server Manager
    • The first thing we want to do is create an organizational unit called "SYS255", within this group we will add OU's for Accounts, Computers, and Groups.
    • Right click user name (jacob.local)
    • Select New
    • Select Organizational Unit
    • Name it whatever you want (SYS255(1))
    • Right click on the newly created unit and enter the following units:
      • Accounts
      • Computers
      • Groups
    • All of these objects are defined by what's known as the Schema, which can be thought of as an instruction sheet listing all the available pieces. In this case, the schema objects make up a database, which is what ADDS essentially is.
  • Second Step: Create Users and Groups
    • Right Click on the Accounts unit and add new users
      • alice
        • Champlain!123
      • bob
        • Champlain!123
      • charlie
        • Champlain!123
    • Drag WKS01 from the yourname.local\Computers OU to the SYS255\Computers OU. This will allow us to treat SYS255 OU Computers differently than others.
    • Add a global security group called custom-desktop with users alice and bob as members
      • Right click on the Groups unit
      • Add new Group called custom-desktop
      • Click OK.
      • Go back into it and click on the members tab to add alice and bob
  • Third Step: Group Policy - User
    • Create a group policy that defines some User level settings
    • In Server Manger in the Tools tab, Click on the Group Policy Management
    • Notice how you will not be able to view the Users.
  • Fourth Step: Creating a User Policy
    • Select the SYS255 OU and create a new group policy object called sys255-desktop. Once created, right click on the object and select Edit.
    • Now, this SYS255-desktop Group Policy should only apply to those users in this OU who are members of the custom-desktop security group. You set this using the security filters section of the group policy. By default, All Authenticated Users have access to apply and read group policy, we will restrict this through the following steps.
      • Step 1. Add the custom-desktop group created earlier to the Security Filter
      • Step 2. Remove Authenticated Users from the Security Filter.
      • Step 3, Add Domain Computers
      • Step 4. Delegation->Advanced (Uncheck Apply Group Policy, Select Deny)
  • Fifth Step: Wallpaper Policy
    • We will want to create an image to be used as the default background for users.
    • Create a folder on the C: drive of your ad01 server named Wallpapers and save your image in it. Next, share that folder so that Everyone group has read access.
    • Go back into the Group Policy Management Editor
    • Right click on the SYS255 unit
    • User Configuration > Policies > Administrative Templates > Desktop > Desktop
    • Click on the Desktop Wallpaper on the right side of the window
    • Click on the policy setting
    • Set the wallpaper location
    • Click apply.