1
00:00:18,810 --> 00:00:19,920
Exercise one.

2
00:00:20,040 --> 00:00:24,630
Implementing security policies for accounts, passwords and administrative groups.

3
00:00:25,500 --> 00:00:28,140
Task one Identify the required settings.

4
00:00:29,040 --> 00:00:29,520
One.

5
00:00:29,580 --> 00:00:35,670
Read the documentation provided to fill in the table of settings according to the requirements of a

6
00:00:35,670 --> 00:00:36,750
data corporation.

7
00:00:37,620 --> 00:00:39,750
Setting configuration for all users.

8
00:00:39,750 --> 00:00:41,970
Configuration for IT administrators.

9
00:00:42,810 --> 00:00:44,280
Enforce password history.

10
00:00:44,280 --> 00:00:45,000
1010.

11
00:00:45,870 --> 00:00:48,780
Maximum Password Age 60 days 30 days.

12
00:00:49,680 --> 00:00:54,930
Minimum password age one day one day minimum password length eight characters.

13
00:00:54,930 --> 00:00:55,890
Ten Characters.

14
00:00:56,730 --> 00:00:57,810
Passwords must meet.

15
00:00:57,810 --> 00:00:59,100
Complexity requirements.

16
00:00:59,130 --> 00:00:59,370
True.

17
00:00:59,370 --> 00:00:59,850
True.

18
00:01:00,660 --> 00:01:01,560
Store Password.

19
00:01:01,560 --> 00:01:03,090
Using reversible encryption.

20
00:01:03,090 --> 00:01:03,450
False.

21
00:01:03,450 --> 00:01:06,210
False account lockout duration.

22
00:01:06,210 --> 00:01:13,110
One hour administrator must unlock account lockout threshold five three reset account.

23
00:01:13,110 --> 00:01:14,970
Lockout counter after 20 minutes.

24
00:01:14,970 --> 00:01:15,720
20 minutes.

25
00:01:16,640 --> 00:01:17,120
Three.

26
00:01:17,150 --> 00:01:20,210
Answer the additional questions from the proposals document.

27
00:01:21,080 --> 00:01:22,940
A How can you configure that?

28
00:01:22,940 --> 00:01:27,620
IT administrators have different password and account lockout settings than regular users.

29
00:01:28,490 --> 00:01:35,090
Answer Use the default domain policy which applies to all users and create a fine grained password policy

30
00:01:35,090 --> 00:01:38,270
object that applies only to the required administrative groups.

31
00:01:39,170 --> 00:01:39,590
B.

32
00:01:39,890 --> 00:01:45,620
How can you identify it administrators in terms of more restricted password and account lockout settings?

33
00:01:46,480 --> 00:01:47,050
Answer.

34
00:01:47,080 --> 00:01:52,360
The administrative password and account lockout settings should apply to the IT group and the domain

35
00:01:52,360 --> 00:01:53,170
admins group.

36
00:01:54,070 --> 00:01:59,260
See how can you meet the requirement to limit the membership list for the local administrators groups

37
00:01:59,260 --> 00:02:04,840
on all member servers to only the local administrator account, the domain admins group and the group.

38
00:02:05,690 --> 00:02:10,010
Answer ensure that you have domain member servers in the same or you hierarchy.

39
00:02:10,850 --> 00:02:16,190
Assign a policy to it and then use the restricted groups feature to restrict the local administrators

40
00:02:16,190 --> 00:02:21,230
group forcefully to contain only administrators, the domain admins group and the group.

41
00:02:22,090 --> 00:02:27,340
D How can you meet the requirement that the domain admins group must include only the administrator

42
00:02:27,340 --> 00:02:32,860
account and that the enterprise admins and schema admins groups must be empty during normal operations.

43
00:02:33,740 --> 00:02:34,330
Answer.

44
00:02:34,400 --> 00:02:38,590
You cannot configure groups other than local groups with the restricted groups feature.

45
00:02:39,480 --> 00:02:42,930
For domain admins, enterprise admins and schema admins.

46
00:02:43,080 --> 00:02:46,740
You must configure the group membership manually and audit their changes.

47
00:02:47,620 --> 00:02:53,560
E How can you meet the requirement that other built in groups such as account operators and server operators

48
00:02:53,560 --> 00:02:54,970
must not contain members?

49
00:02:55,840 --> 00:02:56,370
Answer.

50
00:02:56,380 --> 00:02:58,240
Use the restricted groups feature.

51
00:02:59,110 --> 00:03:04,930
F How can you meet the requirement that you must audit all changes to users or groups in Active Directory

52
00:03:04,930 --> 00:03:07,060
Domain Services ads?

53
00:03:07,920 --> 00:03:08,480
Answer.

54
00:03:08,490 --> 00:03:12,660
Configure advanced auditing policies to audit directory services changes.

55
00:03:13,540 --> 00:03:16,720
Test to configure password settings for all users.

56
00:03:17,600 --> 00:03:23,780
One on ELO and DC, one from Server Manager Click Tools and then click group policy management.

57
00:03:24,650 --> 00:03:31,820
Two In the Group Policy Management console in the navigation pane expand forest a datum icon backslash

58
00:03:31,820 --> 00:03:38,180
domains backslash a data incom backslash group policy objects and then select the default domain policy.

59
00:03:39,060 --> 00:03:39,540
Three.

60
00:03:39,570 --> 00:03:42,690
Right click default domain policy and then click edit.

61
00:03:43,600 --> 00:03:49,750
Forward in the group policy management editor window in the navigation pane expand computer configuration

62
00:03:49,750 --> 00:03:55,330
backslash policies backslash window settings backslash security settings backslash account policies

63
00:03:55,540 --> 00:03:57,610
and then double click password policy.

64
00:03:58,510 --> 00:03:59,030
Five.

65
00:03:59,050 --> 00:04:06,130
In the details pane double click enforce password history six in the enforced password history properties

66
00:04:06,130 --> 00:04:10,000
dialog box ensure that defined this policy setting is selected.

67
00:04:10,870 --> 00:04:17,410
Seven Configure Keep Password History for 210 passwords remembered click okay and then double click

68
00:04:17,410 --> 00:04:18,790
maximum password age.

69
00:04:19,670 --> 00:04:26,000
Eight in the maximum password age properties dialog box ensure the defined this policy setting is selected

70
00:04:26,870 --> 00:04:30,170
nine configure password will expire into 60 days.

71
00:04:30,290 --> 00:04:37,160
Click okay and then double click minimum password age ten in the minimum password age properties dialog

72
00:04:37,160 --> 00:04:44,390
box ensure that defined this policy setting is selected 11 Configure password can be changed after two

73
00:04:44,390 --> 00:04:51,200
one days click okay and then double click minimum password length 12 in the minimum password length

74
00:04:51,200 --> 00:04:55,610
properties dialog box ensure the defined this policy setting is selected.

75
00:04:56,510 --> 00:04:57,200
13.

76
00:04:57,230 --> 00:05:00,500
Configure password must be at least two eight characters click.

77
00:05:00,500 --> 00:05:02,570
Okay and then double click password.

78
00:05:02,570 --> 00:05:04,340
Must meet complexity requirements.

79
00:05:05,290 --> 00:05:11,470
14 in the password must meet complexity requirements properties dialog box ensure that defined this

80
00:05:11,470 --> 00:05:18,850
policy setting is selected 15 select enabled click okay and then double click store passwords using

81
00:05:18,850 --> 00:05:26,590
reversible encryption 16 in the store passwords using reversible encryption properties dialog box ensure

82
00:05:26,590 --> 00:05:32,950
that defined this policy setting is selected 17 select disabled and then click okay.

83
00:05:33,770 --> 00:05:41,510
18 In the navigation pane click to select account lockout policy 19 in the details pane double click

84
00:05:41,510 --> 00:05:48,680
account lockout duration 20 in the account lockout duration properties dialog box click to find this

85
00:05:48,680 --> 00:05:55,190
policy setting 21 Configure account is locked out for to 60 minutes and then click okay.

86
00:05:56,020 --> 00:05:59,560
22 in the suggested value changes dialog box.

87
00:05:59,710 --> 00:06:00,520
Click okay.

88
00:06:00,640 --> 00:06:07,630
And then double click account lockout threshold 23 in the account lockout threshold properties dialog

89
00:06:07,630 --> 00:06:13,810
box configure account will lockout after defined invalid log on attempts click okay and then double

90
00:06:13,810 --> 00:06:20,920
click reset account lockout counter after 24 in the reset account lockout counter after properties dialog

91
00:06:20,920 --> 00:06:28,690
box configure reset account lockout counter after 220 minutes and then click okay 25 closed the group

92
00:06:28,690 --> 00:06:35,950
policy management editor window and the group policy management console task three Configure a PSL for

93
00:06:35,950 --> 00:06:43,900
IT Administrators one on ELO and DC one from server manager Click Tools and then click Active Directory

94
00:06:43,900 --> 00:06:50,680
Administrative Center to Inactive Directory Administrative Center in the navigation pane click a datum

95
00:06:50,680 --> 00:06:51,220
local.

96
00:06:52,130 --> 00:06:57,710
Three in the details pane scroll to and double click system and then double click password settings

97
00:06:57,710 --> 00:06:58,310
container.

98
00:06:59,540 --> 00:07:05,190
In the tasks pain in the password settings, container section, click new and then click password settings.

99
00:07:06,120 --> 00:07:06,580
Five.

100
00:07:06,600 --> 00:07:12,460
In the create password settings dialog box in the password settings section, in the name field type

101
00:07:12,460 --> 00:07:19,680
of data administrators password settings six in the precedence field type ten and then ensure that enforced

102
00:07:19,680 --> 00:07:26,730
minimum password length is selected seven in the minimum password length characters textbox type ten

103
00:07:26,940 --> 00:07:32,850
and then ensure that enforced password history is selected eight in the number of passwords remembered

104
00:07:32,850 --> 00:07:39,060
text box type ten ensure that password must need complexity requirements is selected and then ensure

105
00:07:39,060 --> 00:07:42,390
that store password using reversible encryption is not selected.

106
00:07:43,260 --> 00:07:48,660
Nine Under Password Age Options Ensure that enforced minimum password age is selected.

107
00:07:49,500 --> 00:07:56,220
Ten In the user cannot change the password within days text box type one and then ensure that the enforced

108
00:07:56,220 --> 00:07:58,800
maximum password age checkbox is selected.

109
00:07:59,670 --> 00:08:06,450
11 in the user must change the password after days textbox type 30 and then select the in-force account

110
00:08:06,450 --> 00:08:08,010
lockout policy checkbox.

111
00:08:08,890 --> 00:08:09,430
12.

112
00:08:09,460 --> 00:08:13,270
In the number of failed log on attempts allowed text box type three.

113
00:08:14,150 --> 00:08:21,110
13 in the reset failed log on attempts count after mince text box take 20 and then select account will

114
00:08:21,110 --> 00:08:24,860
be locked out until an administrator manually unlocks the account.

115
00:08:25,760 --> 00:08:34,070
14 In the directly applies to section click add 15 in the select users or groups dialog box under Enter

116
00:08:34,070 --> 00:08:39,800
the object names to select type it and then click check names 16.

117
00:08:39,890 --> 00:08:45,350
The name not found dialog box appears because it is not a global group but a universal group.

118
00:08:46,200 --> 00:08:48,750
Click Cancel 17.

119
00:08:48,840 --> 00:08:52,980
Switch to server manager, click Tools and then click Windows PowerShell.

120
00:08:53,820 --> 00:08:54,480
18.

121
00:08:54,660 --> 00:09:01,050
At the Windows PowerShell command prompt typed the following command and then press enter get aid group.

122
00:09:02,460 --> 00:09:09,180
19 verify that the IT group has a group scope of universal 20 at the command prompt.

123
00:09:09,210 --> 00:09:13,050
Type the following command and then press enter said add.

124
00:09:13,170 --> 00:09:13,650
Group it.

125
00:09:13,920 --> 00:09:14,520
Group Scope.

126
00:09:14,520 --> 00:09:16,620
Global 21.

127
00:09:16,770 --> 00:09:24,150
Switch back to the create password settings a datum administrative password settings dialog box 22 in

128
00:09:24,150 --> 00:09:31,200
the select users or groups dialog box under enter the object names to select type i.t domain admins

129
00:09:31,200 --> 00:09:32,610
and then click check names.

130
00:09:33,510 --> 00:09:34,980
The names are both resolved.

131
00:09:35,830 --> 00:09:36,190
Click.

132
00:09:36,190 --> 00:09:36,670
Okay.

133
00:09:37,510 --> 00:09:38,320
23.

134
00:09:38,590 --> 00:09:44,590
Click okay to close the create password settings a daytime administrative password settings dialog box

135
00:09:44,590 --> 00:09:46,690
and create the password settings object.

136
00:09:46,700 --> 00:09:56,200
PSL 24 in Active Directory Administrative Center in the Navigation Pane Click Overview 25 in the details

137
00:09:56,200 --> 00:10:03,160
pane in the global search box type addy skinner and then press enter the user object of Abby Skinner

138
00:10:03,160 --> 00:10:03,790
is found.

139
00:10:04,630 --> 00:10:05,440
26.

140
00:10:05,590 --> 00:10:09,010
In the tasks pane click view result and password settings.

141
00:10:09,910 --> 00:10:13,770
Note that the a datum administrative password settings so applies.

142
00:10:13,780 --> 00:10:16,660
Abby is in the IT group and then click cancel.

143
00:10:18,260 --> 00:10:24,290
27 in the global search box type Adam Hobbs and then press enter 28.

144
00:10:24,440 --> 00:10:27,800
In the tasks pane click view result and password settings.

145
00:10:28,700 --> 00:10:32,120
Note that no resultant fine grained password settings apply.

146
00:10:32,270 --> 00:10:36,960
Adam is not in the i.t group and the default domain policy settings apply to him.

147
00:10:36,980 --> 00:10:37,670
And then click.

148
00:10:37,670 --> 00:10:38,180
Okay.

149
00:10:38,990 --> 00:10:46,580
29 Close Active Directory Administrative Center and Windows PowerShell task for implement administrative

150
00:10:46,580 --> 00:10:53,660
security policies one on low and DC one from server manager click tools and then click.

151
00:10:53,690 --> 00:10:55,670
Active Directory Administrative Center.

152
00:10:56,510 --> 00:11:01,910
Two Inactive Directory Administrative Center in the navigation pane click a datum local.

153
00:11:02,790 --> 00:11:10,260
Three in the tasks pane in the a datum local section click new and then click organizational unit for

154
00:11:10,260 --> 00:11:16,230
again the create organizational unit dialog box in the name field type a datum servers and then click

155
00:11:16,230 --> 00:11:23,760
okay fight inactive directory administrative center in the details pane double click computers, select

156
00:11:23,770 --> 00:11:31,740
L1 SVR one and then press and hold the shift key and click L1 SVR two Both servers now are selected

157
00:11:32,610 --> 00:11:36,780
six in the tasks pane in the two items selected section click move.

158
00:11:37,680 --> 00:11:42,450
Seven in the movie dialog box, select a date and servers and then click okay.

159
00:11:43,260 --> 00:11:50,190
Eight Close Active Directory Administrative Center, nine in server manager Click Tools and then Click

160
00:11:50,190 --> 00:11:51,540
Group Policy Management.

161
00:11:52,410 --> 00:11:59,070
Ten In the Group Policy Management Console under forests a datum icon backslash domains backslash a

162
00:11:59,070 --> 00:12:05,790
date and icon locate and click to select a datum servers right click a datum servers and then click

163
00:12:05,790 --> 00:12:08,550
create a GPO in this domain and link it here.

164
00:12:09,420 --> 00:12:16,290
11 In the new GPO dialog box in the name field type restricted administrators on member servers and

165
00:12:16,290 --> 00:12:22,920
then click okay 12 in the details pane right click the restricted administrators on Number Server's

166
00:12:22,920 --> 00:12:30,720
GPO and then click edit 13 in the group policy management editor window expand computer configuration

167
00:12:30,720 --> 00:12:36,360
backslash policies backslash window settings backslash security settings click to select restricted

168
00:12:36,360 --> 00:12:39,750
groups, right click restricted groups and then click add group.

169
00:12:40,650 --> 00:12:41,350
14.

170
00:12:41,370 --> 00:12:48,570
In the ad group dialogue box, in the group field type administrators and then click okay 15 in the

171
00:12:48,570 --> 00:12:56,310
Administrators Properties dialog box under members of this group, click add 16 in the Add Member Dialog

172
00:12:56,310 --> 00:13:04,440
Box, Click Browse 17 in the Select Users Service Accounts or groups dialog box in the Enter the object

173
00:13:04,440 --> 00:13:10,290
names to select text box type domain admins it click check names and then click okay.

174
00:13:11,120 --> 00:13:11,750
18.

175
00:13:11,780 --> 00:13:17,660
In the ad number dialog box in the members of this group section, add administrator to the string and

176
00:13:17,660 --> 00:13:18,620
then click okay.

177
00:13:19,460 --> 00:13:25,580
19 Verify that the Administrator Properties Dialog Box now shows the following in members of this group

178
00:13:25,580 --> 00:13:26,750
and then click okay.

179
00:13:27,590 --> 00:13:29,660
A date and backslash domain admins.

180
00:13:30,530 --> 00:13:33,950
A date and backslash IT Administrator.

181
00:13:34,820 --> 00:13:44,090
20 closed the group policy management ed window 21 on loan SVR one click start type cmd and then Click

182
00:13:44,090 --> 00:13:51,290
Command Prompt 22 in the administrator command prompt window type the following command and then press

183
00:13:51,290 --> 00:13:59,540
enter pop date slash force 23 Wait until the command updates the computer policy and the user policy

184
00:14:00,410 --> 00:14:09,350
24 on low and SVR one click start and then click server manager 25 from Server Manager Click Tools and

185
00:14:09,350 --> 00:14:16,610
then Click Computer Management 26 in Computer Management, Expand system tools, backslash local users

186
00:14:16,610 --> 00:14:18,320
and groups and then click groups.

187
00:14:19,200 --> 00:14:20,070
27.

188
00:14:20,370 --> 00:14:26,190
Double click administrators and then verify that a datum backslash domain admits a datum backslash ID

189
00:14:26,640 --> 00:14:29,280
and the local administrator are members of this group.

190
00:14:30,120 --> 00:14:30,780
28.

191
00:14:30,960 --> 00:14:33,720
Close all open windows except for server manager.

192
00:14:34,610 --> 00:14:35,330
29.

193
00:14:35,510 --> 00:14:39,980
Switch back to low and DC one and then switch to group policy management.

194
00:14:40,920 --> 00:14:43,650
Throw in the group policy management console.

195
00:14:43,680 --> 00:14:45,720
Expand domain controllers right.

196
00:14:45,720 --> 00:14:49,470
Click the default domain controllers policy link and then click edit.

197
00:15:05,800 --> 00:15:12,760
31 in the group policy management ed window expand computer configuration backslash policies backslash

198
00:15:12,760 --> 00:15:18,250
window settings backslash security settings click to select restricted groups, right click restricted

199
00:15:18,250 --> 00:15:20,110
groups and then click add group.

200
00:15:21,010 --> 00:15:21,820
32.

201
00:15:21,850 --> 00:15:27,330
In the ad group dialogue box, in the group field type server operators and then click okay.

202
00:15:28,220 --> 00:15:29,070
33.

203
00:15:29,090 --> 00:15:34,460
In the server operators properties dialog box, keep the default settings of this group should contain

204
00:15:34,460 --> 00:15:36,350
no members and then click okay.

205
00:15:37,240 --> 00:15:38,020
34.

206
00:15:38,200 --> 00:15:39,130
Repeat the steps.

207
00:15:39,130 --> 00:15:41,830
3233 for the account operators group.

208
00:15:42,700 --> 00:15:50,920
35 closed the group Policy Management Ed window and the Group Policy Management Console Task five implement

209
00:15:50,920 --> 00:15:58,570
administrative auditing one on ELO and DC one from server manager Click Tools and then click group policy

210
00:15:58,570 --> 00:15:59,170
management.

211
00:16:00,040 --> 00:16:07,960
Two In the Group Policy Management Console Expand Forest a datacom backslash domains a datacom backslash

212
00:16:07,960 --> 00:16:14,080
group policy objects select the default domain controllers policy right click default domain controllers

213
00:16:14,080 --> 00:16:15,910
policy and then click edit.

214
00:16:16,810 --> 00:16:23,500
Three in the group policy management ed window expand computer configuration backslash policies backslash

215
00:16:23,500 --> 00:16:29,110
windows settings backslash security settings backslash advanced added policy configuration backslash

216
00:16:29,110 --> 00:16:32,560
added policies and then click to select RDS access.

217
00:16:33,460 --> 00:16:39,010
Four in the details pane double click audit directory services changes five.

218
00:16:39,040 --> 00:16:45,130
In the Audit Directory Services Changes Properties Dialog Box Select Configure the following audit events,

219
00:16:45,310 --> 00:16:53,140
select the success checkbox and then click okay six in the navigation pane navigate to computer configuration

220
00:16:53,140 --> 00:16:59,080
backslash policies backslash window settings backslash security settings backslash advanced audit policy

221
00:16:59,080 --> 00:17:06,010
configuration backslash added policies and then click to select account management seven in the details

222
00:17:06,010 --> 00:17:12,640
pane double click Audit Security Group Management eight In the Audit Security Group Management Properties

223
00:17:12,640 --> 00:17:18,820
Dialog Box Select Configure the following audit events, select the success checkbox and then click

224
00:17:18,820 --> 00:17:26,140
okay nine in the navigation pane navigate to computer configuration backslash policies backslash window

225
00:17:26,140 --> 00:17:32,170
settings backslash security settings backslash local policies click to select security options and then

226
00:17:32,170 --> 00:17:38,380
double click the Audit Force Audit Policy, Subcategory Settings, Windows Vista or later to override

227
00:17:38,380 --> 00:17:40,210
Audit Policy Category Settings.

228
00:17:41,130 --> 00:17:47,520
Ten in the audit force audit policy subcategory settings, Windows Vista or later to override audit

229
00:17:47,520 --> 00:17:53,880
policy category settings dialog box select defined this policy settings ensure that enabled is selected

230
00:17:53,880 --> 00:18:00,780
and then click okay 11 closed the group Policy Management Editor Window and the group policy management

231
00:18:00,780 --> 00:18:10,920
console 12 on low and DC one from start screen type cmd and then Click Command Prompt 13 in the administrator

232
00:18:10,920 --> 00:18:17,100
command prompt window type the following command and then press enter pop date slash force.

233
00:18:18,040 --> 00:18:18,770
14.

234
00:18:18,790 --> 00:18:21,590
From Server Manager Click Tools and then click.

235
00:18:21,610 --> 00:18:23,830
Active Directory Users and Computers.

236
00:18:24,730 --> 00:18:30,170
15 In Active Directory Users and computers from the view menu enable the advanced features.

237
00:18:30,190 --> 00:18:37,750
View 16 in the navigation pane, click to select a daytime icon, right click a datum icon and then

238
00:18:37,750 --> 00:18:38,680
click properties.

239
00:18:39,580 --> 00:18:40,340
17.

240
00:18:40,360 --> 00:18:48,220
In the Daytime Icon Properties dialog box on the security tab, click advanced 18 in the advanced security

241
00:18:48,220 --> 00:18:53,890
settings for a daytime dialog box on the auditing tab, double click the success auditing entry for

242
00:18:53,890 --> 00:18:57,400
everyone with special access which applies to this object only.

243
00:18:58,310 --> 00:19:03,920
19 in the auditing entry for a datum dialog box in the applies to dropdown list box.

244
00:19:04,070 --> 00:19:06,740
Select this object and all descendant objects.

245
00:19:07,650 --> 00:19:08,110
20.

246
00:19:08,400 --> 00:19:09,060
Click okay.

247
00:19:09,060 --> 00:19:11,760
Three times to close all open dialogue boxes.

248
00:19:12,660 --> 00:19:13,410
21.

249
00:19:13,440 --> 00:19:18,210
Inactive directory users and computers in the navigation pane if necessary.

250
00:19:18,240 --> 00:19:21,570
Expanded data imdb.com and then click to select users.

251
00:19:22,410 --> 00:19:23,200
22.

252
00:19:23,220 --> 00:19:27,810
In the details pane double click domain admins 23.

253
00:19:27,840 --> 00:19:34,440
In the domain admins properties dialog box, click the members tab and then click Add 24.

254
00:19:34,470 --> 00:19:41,340
In the Select Users Contacts, Computers, Service Accounts or groups dialog box in the enter the object

255
00:19:41,340 --> 00:19:47,880
names to select textbox type A-B Click Check Names Select Abby Skinner and then click okay three times

256
00:19:48,750 --> 00:19:56,550
25 Inactive Directory users in computers in the navigation pane click to select marketing 26.

257
00:19:56,700 --> 00:20:01,290
In the details pane double click eight of Russell 27.

258
00:20:01,290 --> 00:20:07,800
In the ADA Russell Properties dialog box on the address tab in the city text box, select London, type

259
00:20:07,800 --> 00:20:17,100
Birmingham and then click okay 28 Close Active Directory users and Computers 29 in server manager Click

260
00:20:17,100 --> 00:20:19,050
Tools and then Click Event Viewer.

261
00:20:19,960 --> 00:20:20,340
30.

262
00:20:20,500 --> 00:20:24,270
In event viewer expand Windows Logs and then click security.

263
00:20:25,160 --> 00:20:25,940
31.

264
00:20:26,000 --> 00:20:32,240
In the details pane search for the most recent event ID 4728 and then double click the event.

265
00:20:33,160 --> 00:20:33,730
32.

266
00:20:37,420 --> 00:20:38,710
In the event properties.

267
00:20:38,710 --> 00:20:40,370
Event 4728.

268
00:20:40,540 --> 00:20:43,510
Microsoft Windows Security Auditing Dialog Box.

269
00:20:43,750 --> 00:20:44,620
You get the message.

270
00:20:44,620 --> 00:20:47,290
A member was added to a security enabled global group.

271
00:20:48,170 --> 00:20:53,690
You can see that a and backslash administrator invoked the change and that a datum backslash A-D was

272
00:20:53,690 --> 00:20:56,390
added to the a datum backslash domain admins group.

273
00:20:57,290 --> 00:20:58,170
33.

274
00:20:58,190 --> 00:21:03,770
In event viewer in the Windows Logs Backslash Security Log Node search for the two most recent event

275
00:21:03,770 --> 00:21:07,940
IDs 5136 then double click the older of the two events.

276
00:21:08,900 --> 00:21:09,680
34.

277
00:21:09,710 --> 00:21:12,680
In the event properties event 5136.

278
00:21:12,890 --> 00:21:15,800
Microsoft Windows Security Auditing Dialog Box.

279
00:21:15,950 --> 00:21:20,240
You will see the following message A directory service object was modified.

280
00:21:21,110 --> 00:21:26,480
You can see that a date and backslash administrator has modified the user object C and equals eight

281
00:21:26,540 --> 00:21:31,910
Russell and then deleted the London value on the right side of the dialog box.

282
00:21:32,150 --> 00:21:34,370
Click the up arrow to move to the next event.

283
00:21:35,270 --> 00:21:38,030
Note in the event properties details page.

284
00:21:38,030 --> 00:21:43,400
Notice that a date and backslash administrator modified Ada Russell and added the Birmingham value.

285
00:21:44,300 --> 00:21:48,140
35 closed all open windows except for server manager.