Controlling Access to Local Hardware and Applications (Lab Report Sample)
lab report
source..Lab 7
Controlling Access to local hardware and applications
This lab contains the following exercises and activities:
Exercise 7.1
Installing Remote Server Administration Tools
Exercise 7.2
Configuring Removable Storage Access Policies
Exercise 7.3
Using AppLocker
Lab Challenge
Creating an AppLocker Rule Based on File Hash
BEFORE YOU BEGIN
The lab environment consists of student workstations connected to a local area network, along with a server that functions as the domain controller for a domain called adatum.com. The computers required for this lab are listed in Table 7-1.
Table 7-1
Computers Required for Lab 7
Computer
Operating System
Computer Name
Server
Windows Server 2012
SVR-DC-A
Client
Windows 8 Enterprise
WKSTN-MBR-B
In addition to the computers, you will also need the software listed in Table 7-2 to complete Lab 7.
Table 7-2
Software Required for Lab 7
Software
Location
Remote Server Administration Tools for Windows 8 (Windows6.2-KB2693643-x64.msu)
\\SVR-DC-A\Downloads
Lab 7 student worksheet
Lab07_worksheet.docx (provided by instructor)
Working with Lab Worksheets
Each lab in this manual requires that you answer questions, shoot screen shots, and perform other activities that you will document in a worksheet named for the lab, such as Lab07_worksheet.docx. You will find these worksheets on the book companion site. It is recommended that you use a USB flash drive to store your worksheets so you can submit them to your instructor for review. As you perform the exercises in each lab, open the appropriate worksheet file, type the required information, and then save the file to your flash drive.
SCENARIO
After completing this lab, you will be able to:
Install the Remote Server Administration Tools on a computer running Windows 8
Configure a Removable Storage Access Policy
Use AppLocker to restrict software applications for a user
Estimated lab time: 60 minutes
Exercise 7.1
Installing Remote Server Administration Tools
Overview
In this exercise, you will install the Remote Server Administration Tools on a computer running Windows 8 so that you can use Active Directory tools and other administrative tools on a Windows 8 workstation.
Mindset
Since users work from their client computers, it is always convenient to have the Remote Server Administration Tools available on the administrator's client computer.
`Completion time
20 minutes
1. On WKSTN-MBR-B, log on using the adatum\Administrator account and the Pa$$w0rd password.
2.Click the Desktop tile.
3.On the Taskbar, click the File Explorer icon.
4.When File Explorer opens, open the \\SVR-DC-A\downloads folder (see Figure 7-1).
Figure 7-1
The Downloads folder
5.Double-click the Windows6.2-KB2693643-x64.msu file.
6.If you are prompted to install this file, click Open. When you are prompted to install the Windows software update, click Yes.
7.On the Read these license terms page, click I Accept.
8.If you are prompted to restart the computer, click Restart Now.
9. If you need to restart, then after rebooting, log back in to WKSTN-MBR-B as adatum\Administrator using the Pa$$w0rd password.
10.Scroll to the right and then click the Administrative Tools tile.
Question 1
Which two tools are used to administer users for Active Directory?
ADUC and GPMC
11.Take a screen shot of the Administrative Tools window by pressing Alt+Prt Scr and then paste the resulting image into the Lab 7 worksheet file in the page provided by pressing Ctrl+V.
End of exercise. Leave the system logged in for the next exercise.
Exercise 7.2
Configuring Removable Storage Access Policies
Overview
In this exercise, you will restrict the ability to write to an optical disk.
Mindset
To prevent users from copying confidential information to a removable disk, you can create Removable Storage Access Policies.
Completion time
15 minutes
1.On WKSTN-MBR-B, using the Administrative Tools folder, double-click Active Directory Users and Computers.
2.When the Active Directory Users and Computers console opens, expand the adatum.com node.
3.Right-click the adatum.com node and choose New > Organizational Unit.
4.When the New Object – Organizational Unit dialog box displays, in the Name text box, type Restricted.
5.Click OK to close the New Object – Organizational Unit dialog box.
6.Close Active Directory Users and Computers.
7.Go back to the Administrative Tools folder and double-click Group Policy Management.
8.When the Group Policy Management console opens, expand the Forest: adatum.com node, expand the Domains node, expand the adatum.com node, and then expand the Group Policy Objects node (see Figure 7-2).
Figure 7-2
The Group Policy Objects node
9.Right-click Group Policy Objects and choose New.
10.When the New GPO window displays, in the Name text box, type Hardware and Software Restrictions, and then click OK.
11.Right-click the Hardware and Software Restrictions GPO and choose Edit.
12.When the Group Policy Management Editor window opens, under the User Configuration node, expand the Policies node, expand the Administrative Templates, expand the System node, and then click the Removable Storage Access node.
Question 2
Which policy setting prevents writing to a USB device?
Removable disk: deny write access
13.To stop writing to writable optical disk, in the right pane, double-click CD and DVD: Deny Write access.
14.When the CD and DVD: Deny write access dialog box displays, click the Enabled option.
15.Click OK to close the CD and DVD: Deny write access dialog box.
16.Take a screen shot of the Group Policy Management Editor window by pressing Alt+Prt Scr and then paste the resulting image into the Lab 7 worksheet file in the page provided by pressing Ctrl+V.
17.Close the Group Policy Management Editor.
18.Back on the Group Policy Management console, right-click the Restricted OU and choose Link an Existing GPO.
19.When the Select GPO dialog box displays, double-click Hardware and Software Restrictions.
End of exercise. Leave the Group Policy Management console open for the next exercise.
Exercise 7.3
Using AppLocker
Overview
In this exercise, you will use AppLocker to restrict access to an application.
Mindset
To control what applications a user can run on her machine, you can create a GPO that will restrict or allow applications.
Completion time
15 minutes
1. On WKSTN-MBR-B, using the Group Policy Management console, under the Group Policy Objects node, right-click the ...
Other Topics:
- Installing and Configuring Windows Store ApplicationsDescription: This lab contains the following exercises and activities: Exercise 6.1 Using Group Policy to Restrict Access to the Windows Store Exercise 6.2 Disabling Automatic Download Updates of the Windows Store Lab Challenge Blocking Automatic Updates from Within the Windows Store App...1 page/≈275 words| No Sources | APA | Technology | Lab Report |
- Installing and Configuring Desktop ApplicationsDescription: What program is currently associated with the .jpg file name extension? Photos is the application currently associated with jpg files. It is the default program hence all jpg files open with it. 1 Take a screen shot of the Windows Photo Viewer window by pressing Alt+Prt Scr and then paste it ...1 page/≈275 words| No Sources | APA | Technology | Lab Report |
- Migrating and Configuring User DataDescription: Windows Easy Transfer enables you to save user profile data to a file on a network share or a removable medium and then import it to another computer. You can use this method to perform either a side-by-side migration or a wipe-and-load migration. Completion time 20 minutes ...1 page/≈275 words| No Sources | APA | Technology | Lab Report |