IntroductionIn this lab we'll use Group Policies to setup our environment for our users. We will also create an environment for users who need to have restricted access. Then we'll use group policies to install software on our client computers. The high level steps are the following:
We want to create a policy that will set some settings for our users. One thing we're going to do is redirect the Documents folder to their home folder. This way if they save to the Documents folder it will be stored on the server. We're also going to have Windows 8.1 go to the desktop automatically when users sign in. Finally we are going to remove the Change Password link from the Ctl+Alt+Delete screen since we don't want our users changing their passwords. Create a Group Policy Object (GPO) named "Oak Forest Users" with the following settings: User Configuration - Policies
Server01 - Create Group Policy for Users Once the GPO is created link it to the "Oak Forest Users" OU. This time around try dragging the GPO from the "Group Policy Objects" container to the "Oak Forest Users" OU. Server01 - Link the GPO to the Users OU Now we can test out the settings on our client. Log into Client01 as MSmith and verify the Documents folder is redirected Mike's home folder. Press Ctl+Alt+Delete and make sure the Change Password link is gone. If they aren't working proceed to the next step for troubleshooting tips. Client01 - Test User Settings If the settings aren't applied then you may need to force the client to retrieve the updated policy settings from the server. Run gpupdate /force from a command prompt on Client01. Client01 - Run GPUpdate In Lesson 3 we learned the difference between a container and OU is you can apply a group policy to an OU. When we joined Client01 to the domain it's computer account was placed in the Computers container. We need to create an OU for our computers and move Client01's computer account to the OU. Create an OU named "Oak Forest Computers" at the same level as "Oak Forest Users" and move Client01's computer account to it. Server01 - Create Computers OU We want to create a policy that will make the IT department local administrators on our client computers. That way when a member of the IT team signs into a client computer they will be able to work on the computer. Create a Group Policy Object (GPO) named "Oak Forest Computers" with the following settings: Computer Configuration - Policies
Server01 - Create Group Policy for Computers Once the GPO is created link it to the "Oak Forest Computers" OU. This time around try right clicking on the "Oak Forest Computers" OU and link an existing GPO. If the "Oak Forest Computers" OU is missing you may have to refresh Group Policy Management to see the newly created OU. Right click on the domain and hit refresh in Group Policy Management. Server01 - Link the GPO to the Computers OU Run gpupdate /force from a command prompt on Client01. Restart the client then see if the local administrators group contains the changes you made. We are going to use Microsoft Management Console to do this. Run MMC as administrator and add the Local Users and Groups snap in. In there you will find the local Administrators group. Client01 - Test Computer Settings We have a user that needs to be restricted. We will create an OU for restricted users and move Ana Mull to this OU. Create an OU named "Restricted Users" under "Oak Forest Users" and move Ana Mull to the new OU. Server01 - Create Restricted Users OU Create and link a Group Policy Object (GPO) named "Restricted Users" with the following settings: User Configuration - Policies
Server01 - Create Group Policy for Restricted Users Run gpupdate /force from a command prompt on Client01. Log off then login as AMull and make sure she can't access the control panel. Also make sure she can't open the command prompt, regedit, and Internet Explorer. Then verify she can's see or access the C drive. Client01 - Test Restricted Users Settings Answer the lab questions. |
Labs > Windows Labs >