ADD Lab - michael-D-S/SYS-255 GitHub Wiki

Michael Sargent SYS-255-02, 9/25/2024

ADD Lab ,Tech Journal

Overview:

Basic set up of GPO's and adding of users: alice, bob, and charlie. along with a new group custom-desktop. I also set up OU's within my new domain of SYS255, with 3 OU's within it: Accounts, Computers, Groups.

Logins for future labs:

alice: Al1c310g1n

bob: B0b$10g1n

charlie: Ch@rl1310g1n

plan for assessment:

My plan is to focus on a two phase plan. phase 1 is setting up devices and the firewall settings, no services. The second phase is the services phase here I will set up the Active directory and the DNS as well as the DHCP server, the goal is to get to the services section either at the end or or towards the end of the 3 hour class period.

NetworkDiagram

Lab Notes:

  • Open ad01
  • Open up Active Directory Users and Computers
  • Create an OU called "SYS255",& within this OU we will add child OU's for Accounts, Computers, and Groups.
  • Within the SYS255\Accounts OU, create users Alice, Bob and Charlie
  • Remember their passwords
  • Move wks01 under the computer OU
  • Within the SYS255\Groups OU, add a global security group called custom-desktop with users Alice and Bob (not Charlie) as members.
  • Open Group Policy Management tool
  • Select the SYS255 OU and create a new group policy object (GPO) called sys255-desktop. Once created, right click on the object and select Edit.
  • Now, this SYS255-desktop Group Policy should only apply to those users in this OU who are members of the custom-desktop security group. You set this using the security filters section of the group policy. By default, All Authenticated Users have access to apply and read group policy, we will restrict this through the following steps.
  • Add the custom-desktop group created earlier to the Security Filter
  • Remove Authenticated Users from the Security Filter.
  • Delegation tab -> Advanced (Uncheck Apply Group Policy, Select Deny)
  • Right click on the what you just created and select the edit field
  • Find the Remove Recycle Bin icon setting under User Configuration, and click Edit Policy Setting in the group policy editor.
  • Enable the Remove Recycle Bin Icon from Desktop setting.
  • Click Apply. Ok, and close the Group Policy editor.
  • Create and Link a new GPO within the SYS255\Computers OU called DisableLastLogin.
  • The Security Filter on this policy should be applied to Domain Computers (not Authenticated Users) similar to earlier. Then edit the policy so that the "Do not display last user name" is enabled.