CTS 160 -
Using your existing domain from the 11:00 class that is in Hyper-V
Create a client Win10 computer in Hyper-V and join it to your domain - you can name it whatever you want
Create a user on your domain called “Guinea Pig” Login ID = gpig Password = Password1
Put the user and computer into an OU called “HighSecurityOU”
Implement a combination of User and/or Computer Policy to lock down your OU
[list=1]
- No access to Control Panel
- No access to Run Command
- No access to Powershell or CMD prompt
- Cannot save to [url=file:///C:/]C:\[/url] drive
- Can create folders on Desktop or in Documents
- Users will have to agree to Terms of Service upon login “Interactive Logon Message”
- Users Documents redirected to a folder on the server – Folder Redirection
- Users cannot install software – This is a tough one, but is related to the [url=file:///C:/]C:\[/url] block
- Background in Windows is locked to the corporate background. You make the background
- Set a policy that the computer can only be used between the hours of 9AM-5PM
- Install Chrome on the client computer (as admin if you have blocked installation)
- Use article on discussion board to set starting page of Chrome using GPO/ADMX template
- Use GPO to deploy software to your user/computer – needs to be a .msi file – Software Installation.
- Use Fine Grained Password Policy to set a separate policy for an OU.
Last edited by Admin (4/22/2019 12:10 pm)