1
00:00:06,000 --> 00:00:09,090
Lally implementing a group policy infrastructure.

2
00:00:09,980 --> 00:00:16,280
Scenario, your manager asked you to use group policy to implement standardized security settings to

3
00:00:16,280 --> 00:00:20,840
lock computer screens when users leave computers unattended for 10 minutes or more.

4
00:00:21,710 --> 00:00:27,290
You also have to configure a policy setting that will prevent access to certain programs on local computers.

5
00:00:28,160 --> 00:00:33,800
You configured group policy to lock computer screens when users leave computers unattended for 10 minutes

6
00:00:33,800 --> 00:00:34,370
or more.

7
00:00:35,270 --> 00:00:40,490
However, after some time, you were made aware that a critical application used by the research engineering

8
00:00:40,520 --> 00:00:42,710
team fails when the screen saver starts.

9
00:00:43,580 --> 00:00:48,770
An engineer asked you to prevent the GPL setting from applying to any member of the research security

10
00:00:48,770 --> 00:00:49,130
group.

11
00:00:50,010 --> 00:00:54,750
He also asked you to configure conference room computers to be exempt from corporate policy.

12
00:00:55,620 --> 00:01:00,000
However, you must ensure that the conference room computers use a two hour time out.

13
00:01:00,870 --> 00:01:05,700
Create the policies that you need to evaluate the recipes for users in your environment.

14
00:01:06,600 --> 00:01:11,940
Make sure to optimize the group policy infrastructure and verify that all policies are applied as they

15
00:01:11,940 --> 00:01:14,340
were intended objectives.

16
00:01:15,210 --> 00:01:24,450
After completing this lab, you will be able to create and configure GPOs manage GPO Scope Exercise

17
00:01:24,450 --> 00:01:25,140
Scenario.

18
00:01:25,950 --> 00:01:31,350
Your manager asked you to use group policy to implement standardized security settings to lock computer

19
00:01:31,350 --> 00:01:35,220
screens when users leave computers unattended for 10 minutes or more.

20
00:01:36,090 --> 00:01:41,100
She also asked you to configure a policy setting that will prevent access to registry editing tools

21
00:01:41,100 --> 00:01:42,210
on local computers.

22
00:01:43,080 --> 00:01:45,660
The main tasks for this exercise are as follows.

23
00:01:46,560 --> 00:01:46,980
One.

24
00:01:47,070 --> 00:01:51,360
Create an edited GPO to link the GPO.

25
00:01:52,200 --> 00:01:52,710
Three.

26
00:01:52,740 --> 00:01:54,930
View the effects of the GPO settings.

27
00:01:55,800 --> 00:01:56,600
Task one.

28
00:01:56,610 --> 00:01:57,660
Create an editor.

29
00:01:57,670 --> 00:02:07,440
GPO one on L0 and DC one from Server Manager, Open Group Policy Management Console to create a GPO

30
00:02:07,440 --> 00:02:10,760
named a date and standards in the group policy objects container.

31
00:02:11,670 --> 00:02:12,210
Three.

32
00:02:12,240 --> 00:02:18,450
Edit the a datum standards policy and then navigate to user configuration backslash policies backslash

33
00:02:18,450 --> 00:02:24,810
administrative templates backslash system for prevent users from accessing the registry by enabling

34
00:02:24,810 --> 00:02:28,020
the prevent access to registry editing tools policy setting.

35
00:02:28,860 --> 00:02:29,310
Five.

36
00:02:29,430 --> 00:02:32,550
Navigate to the user configuration backslash policies.

37
00:02:32,550 --> 00:02:34,290
Backslash Administrative Templates.

38
00:02:34,290 --> 00:02:39,630
Backslash Control Panel backslash personalization folder and then configure the screen saver.

39
00:02:39,630 --> 00:02:41,880
Time Out policy to 600 seconds.

40
00:02:42,810 --> 00:02:43,290
Six.

41
00:02:43,530 --> 00:02:44,580
Enable the password.

42
00:02:44,580 --> 00:02:50,970
Protect the screen saver policy setting and then closed the group policy management editor window task

43
00:02:50,970 --> 00:02:58,980
to link the GPO lengthy a datum standards GPO to the a datum dot com domain task three.

44
00:02:59,010 --> 00:03:06,360
View the effects of the GPO settings one sign into l0 and cl1 as a datum backslash administrator with

45
00:03:06,360 --> 00:03:14,400
the password to open control panel in Windows Firewall allow remote event log management and Windows

46
00:03:14,400 --> 00:03:15,930
Management Instrumentation.

47
00:03:15,930 --> 00:03:17,430
WMI traffic.

48
00:03:18,350 --> 00:03:21,500
Three Sign out and then sign in as a date and backslash.

49
00:03:21,500 --> 00:03:22,760
Kearney with the password.

50
00:03:23,630 --> 00:03:27,590
Four Attempt to change the screen saver, wait time and resume settings.

51
00:03:28,460 --> 00:03:31,100
You are prevented from doing this by group policy.

52
00:03:31,990 --> 00:03:32,470
Five.

53
00:03:32,770 --> 00:03:34,570
Attempt to run Registry Editor.

54
00:03:35,470 --> 00:03:39,560
You are prevented from doing this by group policy results.

55
00:03:39,730 --> 00:03:45,880
After completing this exercise, you should have created, edited and linked the required GPOs successfully.

56
00:03:46,720 --> 00:03:53,620
Exercise two scenario You used group policy to implement standardized security settings to lock computer

57
00:03:53,620 --> 00:03:57,460
screens when users leave computers unattended for 10 minutes or more.

58
00:03:58,360 --> 00:04:03,610
However, after some time, an engineer informed you that a critical application used by the research

59
00:04:03,610 --> 00:04:06,310
engineering team fails when the screen saver starts.

60
00:04:07,210 --> 00:04:12,190
He asked you to prevent the GPL setting from applying to any member of the research security group.

61
00:04:13,060 --> 00:04:17,800
He also asked you to configure conference room computers to be exempt from corporate policy.

62
00:04:18,670 --> 00:04:23,470
However, you must ensure that the conference room computers always use a two hour time out.

63
00:04:24,340 --> 00:04:26,950
The main tasks for this exercise are as follows.

64
00:04:27,820 --> 00:04:28,270
One.

65
00:04:28,420 --> 00:04:33,790
Create and link the required GPOs to verify the order of precedence.

66
00:04:34,730 --> 00:04:35,270
Three.

67
00:04:35,300 --> 00:04:41,750
Configure the scope of a GPO with security filtering for configure loopback processing.

68
00:04:42,620 --> 00:04:43,100
Five.

69
00:04:43,280 --> 00:04:46,260
Prepare for the next lab task one.

70
00:04:46,280 --> 00:04:53,750
Create and link the required GPOs one on low and DC one in group policy management console.

71
00:04:53,990 --> 00:05:00,860
Create a new GPO named Research Application Override that is linked to the research Oyu to configure

72
00:05:00,860 --> 00:05:06,560
the screensaver time out policy setting to be disabled and then close the group policy management editor

73
00:05:06,560 --> 00:05:13,760
window test to verify the order of precedence in the Group Policy Management Console Tree.

74
00:05:13,970 --> 00:05:18,170
Select the research view and then click the Group Policy Inheritance Tab.

75
00:05:19,010 --> 00:05:25,040
Notice that the research application override GPL has precedence over the date and standards GPO.

76
00:05:25,850 --> 00:05:30,950
The Screen Saver Time Out policy setting that you just configured in the research application override

77
00:05:30,950 --> 00:05:34,910
GPO will be applied after the setting in the A Date and standards GPO.

78
00:05:35,750 --> 00:05:39,680
Therefore, the new setting will overwrite the standard setting and will prevail.

79
00:05:40,550 --> 00:05:45,440
Screen Saver Timeout will be unavailable for users within the scope of the research application.

80
00:05:45,440 --> 00:05:46,700
Override GPO.

81
00:05:47,510 --> 00:05:55,460
Task three Configure the scope of a GPO with security filtering one on L0 and DC, one in group policy

82
00:05:55,460 --> 00:05:56,570
management console.

83
00:05:56,810 --> 00:05:59,780
Select the research application override GPO.

84
00:06:00,590 --> 00:06:06,440
Notice that in the security filtering section, the GPO applies by default to all authenticated users.

85
00:06:07,280 --> 00:06:13,430
Two In the security filtering section remove authenticated users and add the research group and clone

86
00:06:13,430 --> 00:06:14,240
SEAL one.

87
00:06:15,050 --> 00:06:22,730
Task four Configure Loopback Processing one on L0 and DC one in group policy management console.

88
00:06:22,970 --> 00:06:30,380
Create a new choice named kiosks under the domain two under kiosks create a child choice named conference

89
00:06:30,380 --> 00:06:30,830
rooms.

90
00:06:31,770 --> 00:06:32,250
Three.

91
00:06:32,460 --> 00:06:39,090
Create a new GPO named conference room settings and then link it to the conference rooms U four and

92
00:06:39,090 --> 00:06:45,450
at the conference room settings GPO and then modify the screen saver timeout policy to launch the screensaver

93
00:06:45,450 --> 00:06:47,130
after 120 minutes.

94
00:06:48,000 --> 00:06:48,480
Five.

95
00:06:48,510 --> 00:06:54,960
In the computer configuration section of the GPO, modify the configure user group policy loopback processing

96
00:06:54,960 --> 00:06:58,620
mode policy setting to use merge mode results.

97
00:06:58,800 --> 00:07:04,320
After completing this exercise, you should have configured the required scope of the GPO successfully.