1525
Comment:
|
1939
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
## page was renamed from WindowsAdministration/Lab04OuGroupLab | |
Line 2: | Line 3: |
== Instructions == In this lab you will use the organizational units, groups and users in your AD that we created last time to delegate control to managers of their department users. Then we will setup a share for each department and for each user. In your domain controller (Using the RSAT tools or powershell): |
|
Line 3: | Line 6: |
== Instructions == | 1. Delegate control over users in the OU_Sales Organizational unit to jpatterson so that he can change their password, but nothing else. a. Right click on the OU, select Delegate control, Add the user. a. On theTasks to Delegate select only the following: 1. Reset user passwords and force password change at next logon 1. Reset inetOrgPerson passwords and force password change at next logon 1. Read all inetOrgPerson information 1. Delegate control over users in the OU_Developers Organizational unit to kthompson 1. Delegate control over users in teh OU_CSuite Organizational unit to kthompson |
Line 5: | Line 15: |
In this lab you will create some organizational groups and users in In your primary domain: 1. Create an organizational unit named {{{OU_Contractors}}} a. Create a global group in the {{{OU_Contractors}}} called {{{g_contractors}}} a. Create a user called {{{contractor}}} and put them in {{{g_contractors}}} group. 1. Create a user mgr in the users folder. a. Make mgr the Administrator for the {{{OU_Contractors}}} by using the delegation wizard. a. set his password as {{{Hello123Password!}}} Make sure there is no requirement to change the password. a. Make mgr a member of the server operators group and give the account remote desktop access. a. Start Group Policy - Find the Domain Controllers Folder/OU, right click on the Default Domain Controller Policy, click edit 1. Navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assgnments 1. Add the mgr user to the "Allow Logon through remote desktop services" list. a. I will test mgr's ability by changing the password for "contractor" In your subdomain: 1. Create a domain local group called {{{dl_temporary}}} in the users folder. a. Add {{{g_contractors}}} group to the {{{dl_temporary}}} group. |
|
Line 28: | Line 17: |
1. Document the OU structures added and Groups added to each domain. 2. Do this in a new page called Lab04 and Create new pages called "Organizational Units" and "Groups" |
1. Document the Share created and its purpose in a new section called "Shared Resources" == Video Grade Guide == ||'''Topics''' ||'''Points''' || ||Video Shows: Server Manager on Windows 10 || 10 || ||Video Shows: WAC running on Windows 10 with access to server || 10 || ||Video Shows: Remote Power Shell session from windows 10 machine to server || 10 || ||Video Shows: OU structures and groups created in the instructions ||10 || ||Video Shows: A remote desktop login to windows 10 using the mgr user. ||10 || ||Video Shows: the mgr user changing the password for the contractor user on the windows 10 machine. ||10 || ||Video Shows: the contractor user accessing the file share and adding a new text file || 10 || ||Video Shows: the mgr user accessing the file share and deleting the new text file || 10 || ||Video talks through the required documentation. ||20 || |
Lab 04
Instructions
In this lab you will use the organizational units, groups and users in your AD that we created last time to delegate control to managers of their department users. Then we will setup a share for each department and for each user. In your domain controller (Using the RSAT tools or powershell):
- Delegate control over users in the OU_Sales Organizational unit to jpatterson so that he can change their password, but nothing else.
- Right click on the OU, select Delegate control, Add the user.
- On theTasks to Delegate select only the following:
- Reset user passwords and force password change at next logon
- Reset inetOrgPerson passwords and force password change at next logon
- Read all inetOrgPerson information
- Delegate control over users in the OU_Developers Organizational unit to kthompson
- Delegate control over users in teh OU_CSuite Organizational unit to kthompson
Documentation
- Document the Share created and its purpose in a new section called "Shared Resources"
Video Grade Guide
Topics |
Points |
Video Shows: Server Manager on Windows 10 |
10 |
Video Shows: WAC running on Windows 10 with access to server |
10 |
Video Shows: Remote Power Shell session from windows 10 machine to server |
10 |
Video Shows: OU structures and groups created in the instructions |
10 |
Video Shows: A remote desktop login to windows 10 using the mgr user. |
10 |
Video Shows: the mgr user changing the password for the contractor user on the windows 10 machine. |
10 |
Video Shows: the contractor user accessing the file share and adding a new text file |
10 |
Video Shows: the mgr user accessing the file share and deleting the new text file |
10 |
Video talks through the required documentation. |
20 |