1.5 KiB
1.5 KiB
| description |
|---|
| This week we created organizational units and group policy on our AD server |
Lab05 - ADDS & Group Policy
Create organizational units and add users/computers/groups
- Server Manager -> Active Directory Users and Computers
- rc nathan.local -> new -> Organizational Unit (named SYS255)
- rc SYS255, create three child OUs (Accounts, Computers, and Groups)
- add users Alice, Bob, and Charlie to SYS255/Accounts (default password is Pass123!)
- move WKS01-NATHAN from nathan.local/Computers to nathan.local/SYS255/Computers
- within the SYS255\Groups OU, add a global security group called custom-desktop with users Alice and Bob (not Charlie) as members
Create group policy
-
Server Manager -> Group Policy Management
-
rc nathan.local/SYS255 -> Create GPO in this domain... (name it sys255-desktop)
-
click sys255-desktop, under Security Filtering, add the custom-desktop global security group
-
remove Authenticated Users
-
add Domain Computers
-
Delegation tab -> Advanced -> Domain Computers -> Uncheck Apply Group Policy and Select Deny
Edit group policy
- rc sys255-desktop - > Edit
remove the recycling bin
disable last login
- create a GPO under SYS255/Computers
- aplly security filtering to only domain computers
- rc DisableLastLogin -> Edit
Useful commands
gpresult /r - shows a summary of group policy on a workstation
gpresult /scope computer /r - shows a summary of computer-specific group policy
gpupdate /force - forces a group policy update