2451
Comment:
|
2408
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
= Lab 04 = | = Lab 03-04 = |
Line 3: | Line 3: |
In this lab you will create some organizational groups and users in your AD. | In this lab you will create some organizational units, groups and users in your AD. In your domain controller (Using the RSAT tools or powershell): |
Line 5: | Line 5: |
In your primary domain: 1. Create an organizational unit named {{{OU_Contractors}}} a. Create a global group in the {{{OU_Contractors}}} called {{{g_contractors}}} |
1. Create an organizational unit in your domain named {{{OU_Contractors}}} and add the following items to this OU. a. Create a global group called {{{g_contractors}}} |
Line 10: | Line 8: |
1. Create a user mgr in the users folder. | 1. Create a user mgr in the users folder of your domain. |
Line 12: | Line 10: |
1. set his password and document it in the "password" page. Make sure there is no requirement to change the password. 1. Make mgr a member of the server operators group and give the account remote desktop access (through system, remote add user). a. Start Group Policy - Find the Domain Controllers Folder/OU, right click on the Default Domain Controller Policy, click edit 1. Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignments 1. Add the mgr user to the "Allow Logon through remote desktop services" list. 1. From a command prompt or powershell type: gpupdate /force a. You will demonstrate mgr's ability by changing the password for "contractor" (Note: When you try to run server manager, it will ask for a username and password. Use the mgr username and password. After that you can run the tools from the menu and they will work for you correctly. If you run "Active Directory Users and Computers" directly without going through the server manager you will have to again use the mgr username and password each time you open it or any other tool.) In your subdomain: 1. Create a domain local group called {{{dl_temporary}}} in the users folder. a. Add {{{g_contractors}}} group to the {{{dl_temporary}}} group. |
a. Set the mgr password and document it in the "password" page. Make sure there is no requirement to change the password. 1. Create a new folder on your cpte230a and share it. Make the share name {{{contractors}}}. a. Set permissions on the share to allow {{{g_contractors}}} to read and write to it. a. Set permissions on the share to give the mgr user full control. 1. You will demonstrate mgr's ability by changing the password for "contractor". a. You can demonstrate this by logging in to your windows 10 machine and starting the active directory users and computers tool. a. Find the contractor user and reset the password. |
Line 26: | Line 19: |
1. Document the OU structures added and Groups added to each domain on the domains page. 1. Do this in a new section called "Organizational Units" and "Groups" |
1. Document the OU structures added and Groups added to each domain on the domains page. Do this in a new section called "Organizational Units" and "Groups" 1. Document the Share created and its purpose in a new section called "Shared Resources" |
Line 31: | Line 24: |
||Video Shows: OU structures and groups created in the instructions ||20 || ||Video Shows: A remote login event using the mgr user. ||30 || ||Video Shows: the mgr user changing the password for the contractor user. ||30 || |
||Video Shows: Server Manager on Windows 10 || 10 || ||Video Shows: WAC running on Windows 10 with access to server || 10 || ||Video Shows: Remote Power Shell session from windows 10 machine to server || 10 || ||Video Shows: OU structures and groups created in the instructions ||10 || ||Video Shows: A remote desktop login to windows 10 using the mgr user. ||10 || ||Video Shows: the mgr user changing the password for the contractor user on the windows 10 machine. ||10 || ||Video Shows: the contractor user accessing the file share and adding a new text file || 10 || ||Video Shows: the mgr user accessing the file share and deleting the new text file || 10 || |
Lab 03-04
Instructions
In this lab you will create some organizational units, groups and users in your AD. In your domain controller (Using the RSAT tools or powershell):
Create an organizational unit in your domain named OU_Contractors and add the following items to this OU.
Create a global group called g_contractors
Create a user called contractor and put them in g_contractors group.
- Create a user mgr in the users folder of your domain.
Make mgr the Administrator for the OU_Contractors by using the delegation wizard. Make sure the the user has "Reset user passwords..." and "Modify the membership of a group"
- Set the mgr password and document it in the "password" page. Make sure there is no requirement to change the password.
Create a new folder on your cpte230a and share it. Make the share name contractors.
Set permissions on the share to allow g_contractors to read and write to it.
- Set permissions on the share to give the mgr user full control.
- You will demonstrate mgr's ability by changing the password for "contractor".
- You can demonstrate this by logging in to your windows 10 machine and starting the active directory users and computers tool.
- Find the contractor user and reset the password.
Documentation
- Document the OU structures added and Groups added to each domain on the domains page. Do this in a new section called "Organizational Units" and "Groups"
- Document the Share created and its purpose in a new section called "Shared Resources"
Video Grade Guide
Topics |
Points |
Video Shows: Server Manager on Windows 10 |
10 |
Video Shows: WAC running on Windows 10 with access to server |
10 |
Video Shows: Remote Power Shell session from windows 10 machine to server |
10 |
Video Shows: OU structures and groups created in the instructions |
10 |
Video Shows: A remote desktop login to windows 10 using the mgr user. |
10 |
Video Shows: the mgr user changing the password for the contractor user on the windows 10 machine. |
10 |
Video Shows: the contractor user accessing the file share and adding a new text file |
10 |
Video Shows: the mgr user accessing the file share and deleting the new text file |
10 |
Video talks through the required documentation. |
20 |