A.2.2 Pro Domain 2: Management
You are managing the development of a new product version. You need to copy the project schedule to your OneDrive account so that you can access it wherever you are. You have already set up and logged in to your Microsoft online user account to use with your Windows 10 system. In this lab, your task is to copy the C:\Projects\Widget2.0\ProjSched.docx file to the Documents folder within your OneDrive account.
Open the C:\Projects\Widget2.0 folder.From the Windows taskbar, select File Explorer.Maximize the window for better viewing.From the left pane, expand and select This PC > Local Disk (C:) > Projects > Widget2.0. Copy the ProjSched.docx file to OneDrive.From the right pane, right-click ProjSched.docx and select Copy.From the left pane, select OneDrive.From the right pane, double-click Documents.From the right pane, right-click and select Paste.
While performing administrative tasks on the Office1 computer, you notice that User Account Control (UAC) notifications are not being displayed when privilege escalation is required. The company policy specifies that UAC notifications should only be displayed when applications try to make changes to the computer, not when the Administrator user makes changes to Windows settings. In this lab, your task is to configure UAC settings to comply with the company standards and best meet the needs of the Office1 computer.
From the search field on the Windows taskbar, type UAC. From the Best match menu, select Change User Account Control settings. Use the slide bar to change the UAC to Notify me only when apps try to make changes to my computer (default). Click OK.
You are a member of the IT team for your company. Part of your company's security strategy is to implement Microsoft's Windows Defender Application Control (WDAC) to restrict the applications that users are allowed to run on their systems. In this lab, your task is to use PowerShell to create a code integrity policy (CIP) on the Office2 computer (a golden system). Then you will create and implement a group policy object (GPO) to implement this policy company-wide. Use the following while completing this lab: Policy File Information: When running the command to create the code integrity policy, use the -Level Pca and -UserPEs flags. Scan the entire C:\ drive. Name file final binary policy MyCIP.bin Copy the MyCIP.bin policy to the CorpDC computer and save it in the WDAC file share.
Required Actions Create the MyCIP.bin file and save it on CorpDC Create the WDAC Policy Enable the Deploy Windows Defender Application Control polciy Deploy Windows Defender Application Control policy distributes MyCIPolicy.bin Explanation Complete this lab as follows: From Office2 create an XML file that will be used to create the initial code integrity policy (CIPolicy).Right-click Start and then select Windows PowerShell (Admin).From PowerShell run:New-CIPolicy MyCIP.xml -Level Pca -ScanPath C:\ -UserPEsWait for the scan to complete. Convert the XML file to a binary file and save it on CorpDC in the WDAC share.From PowerShell run:ConvertFrom-CIPolicy MyCIP.xml C:\MyCIP.binFrom the Windows taskbar, select File Explorer.From the left pane, expand and select This PC > System (C:).Right-click MyCIP.bin and then select Copy.From the left pane, expand and select Network > CorpDC > WDACIn the right pane, right-click and select Paste. Switch to CorpServer and connect to the Hyper-V CorpDC server.From the top navigation area, select Floor 1 Overview.Under Networking Closet, select CorpServer.From the Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, double-click CorpDC. Create the WDAC GPO in the CorpNet.xyz domain.From Server Manager's menu bar, select Tools > Group Policy Management.Maximize the window for better viewing.Expand Forest: CorpNet.xyz > Domains.Right-click CorpNet.xyz and select Create a GPO in this domain, and link it here.In the Name field, use WDAC and then select OK. Enable and configure the Deploy Windows Defender Application Control policy to distribute the MyCIPolicy initial code integrity policy.Expand CorpNet.xyz and then right-click WDAC and select Edit.Maximize the window for better viewing.From the left pane, expand and select Computer Configuration > Policies > Administrative Templates > System > Device Guard.From the right pane, double-click Deploy Windows Defender Application Control.Select Enabled.In the Code Integrity Policy file path field, enter C:\WDAC\MyCIP.bin.
During a security audit, you discovered that the Susan user account on the Office2-lap Windows 10 notebook doesn't have a password assigned to it. This notebook is used to deliver sales presentations at client sites, so you want to assign a strong password to this account to prevent unauthorized users from accessing data on the system. The laptop is logged into the Susan account. In this lab, your task is to complete the following: Use the Windows Settings application to access user account settings. Assign a password of p@ssword2 to the Susan user account.
Right-click Start and select Settings. Select Accounts. From the left pane, select Sign-in options. From the right pane, select Password. Select Add. Create a new password as follows:New password: P@ssword2Reenter password: P@ssword2Password hint: Enter a password hint of your choice. Select Next. Select Finish.
Zoey has been hired by your organization. She will be using the computer named Office1, and she needs a local account. In this lab, your task is to create Zoey's local user account using the Windows Settings application. While creating the new account, use the following information: User information:Username: ZoeyPassword: eyeLoveS@ccer Security questions:
Right-click Start and then select Settings. Select Accounts. From the left pane, select Other users. Select Add someone else to this PC. Under Who's going to use this PC, enter Zoey. Under Make it secure, enter the following password information:Password: eyeLoveS@ccerRe-enter password: eyeLoveS@ccer Under In case you forget your password, select and complete the following security information:
You are a freshman at a university. You are new to this area, so you want to use the Windows 10 location service for directions to stores and information about weather. In this lab, your task is to enable the Windows 10 location service and allow the following apps to use this service: Microsoft Edge Weather Maps
Turn on the Windows location service.Right-click Start and then select Settings.Maximize the window for better viewing.Select Privacy.From the left pane, select Location.Select Change.Slide the switch to the On position.Select outside the dialog to close the dialog. Choose the applications that can use the Windows location service.Under Choose apps that can use your precise location, slide the switch to On for each of the following applications:Microsoft EdgeWeatherMapsClose the Settings dialog.
You are the IT administrator for a small corporate network. The employee in Office 1 needs your assistance setting attributes on files and folders. In this lab, your task is to: Compress the D:\Graphics folder and all of its contents. Hide the D:\Finances folder. The Finances folder will become transparent because the administrator has modified the options to show hidden files and folders. Make the following files read-only:D:\Finances\2015report.xlsD:\Finances\2016report.xls
Compress the Graphics folder.From the Windows taskbar, select File Explorer.Maximize the window for better viewing.From the left pane, expand and select This PC > Local Disk (D:).Right-click the Graphics folder and then select Properties.From the General tab, select Advanced.Select Compress contents to save disk space and then select OK.Select OK to close the Graphics Properties dialog. The Confirm Attribute Changes dialog is shown.Make sure Apply changes to this folder, subfolders and files is selected and then select OK. Hide the Finances folder.Right-click Finances and then select Properties.Select Hidden and then select OK.Make sure Apply changes to this folder, subfolders and files is selected and then select OK. From the D:\Finances folder, configure the 2015report.xls and 2016report.xls files to have the read-only attribute.Double-click Finances to view this folder's contents.Right-click file_name.xls and then select Properties.Select Read-only and then select OK.Repeat steps 3b and 3c to configure attributes for the second file.
There are two groups of users who access the Office1 computer, Marketing and Research. Each group has a corresponding folder: E:\Marketing Data E:\Research Data In this lab, your task is to: Disable permissions inheritance for E:\Marketing Data and E:\Research Data and convert the existing permissions to explicit permissions. For each of the above folders, remove the Users group from the access control list (ACL). Add the Marketing group to the Marketing Data folder ACL. Add the Research group to the Research Data folder ACL. Assign the groups Full Control to their respective folders. Do not change any other permissions assigned to other users or groups.
Disable permissions inheritance for E:\Marketing Data and E:\Research Data and convert the existing permissions to explicit permissions. For each of the above folders, remove the Users group from the access control list (ACL). Add the Marketing group to the Marketing Data folder ACL. Add the Research group to the Research Data folder ACL. Assign the groups Full Control to their respective folders. Do not change any other permissions assigned to other users or groups. Complete this lab as follows: Open the Data (E:) drive.From the Windows taskbar, select File Explorer.From the left pane, expand This PC and then select Data (E:). Disable inheritance and convert inherited permissions to explicit permissions.Right-click the applicable folder and then select Properties.Select the Security tab.Select Advanced to modify inherited permissions.Select Disable inheritance to prevent inherited permissions.Select Convert inherited permissions into explicit permissions on this object. Remove the Users group from the access control list.In Permission entries, select Users.Select Remove to remove the group from the access control list.Select OK. Add a new group to the access control list and allow full control.Select Edit to add a group to the access control list.Select Add.Enter the name of the group you want to add and then select Check Names.Select OK.With the newly added group selected, under the Allow column, select Full control and then select OK.Select OK to close the properties dialog. Repeat steps 2 - 4 to modify the permissions for the additional folder.
You have been asked to perform administrative tasks for a computer that is not a member of a domain. To increase security and prevent unauthorized access to the computer, you need to configure specific password and account lockout policies. In this lab, your task is to use the Local Security Policy to configure the following password and account lockout policies: Configure password settings so that the user must:Cycle through 10 passwords before reusing an old one.Change the password every 90 days.Keep the password at least 14 days.Create a password at least 8 characters long.Create a password that meets complexity requirements such as using uppercase letters, lowercase letters, numbers, or symbols. Configure the account lockout policy to:Lock out any user who enters five incorrect passwords.Unlock an account automatically after 60 minutes.Configure the number of minutes that must elapse after a failed logon attempt to 10 minutes.
Set the password policies.Select Start and then select Windows Administrative Tools > Local Security Policy.From the left pane, expand and select Account Policies > Password Policy.Maximize the window and then expand the Policy column for better viewing.From the middle pane, double-click the applicable policy to be modified.Configure the appropriate value and then select OK.Repeat steps 1d - 1e for the remaining password polices to be configured. Set the account lockout policies.From the left pane, under Account Policies, select Account Lockout Policy.From the middle pane, double-click Account lockout threshold.Configure the lock out value to 5 and then select OK.Review the suggested changes and then select OK.Double-click Account lockout duration.Configure the value to 60 and then select OK.Double-click Reset account lockout counter after.Configure the value to 10 and then select OK.
At work, you share a computer with other users. You want to secure the contents of the Finances folder so that unauthorized users cannot view its contents. In this lab, your task is to: Encrypt the D:\Finances folder and all of its contents. Add the Susan user account as an authorized user for the D:\Finances\2019report.xls file.
Open the D: drive.From the Windows taskbar, select File Explorer.From the left pane, select This PC.From the right pane, double-click Local Disk (D:). Encrypt the Finances folder.Right-click Finances and then select Properties.Select Advanced.Select Encrypt contents to secure data and then select OK.Select OK to close the properties dialog.Select OK to confirm the attribute changes. Give Susan authorization to modify the 2019report.xls file.Double-click Finances.Right-click 2019report.xls and then select Properties.Select Advanced.Select Details.Select Add.Select Susan and then select OK.Select OK as many times as needed to close all remaining dialogs.
You are the IT administrator for the CorpNet domain. You have decided to use groups to simplify the administration of access control lists. Specifically, you want to create a group containing the department managers. In this lab, your task is to use Active Directory Users and Computers to complete the following actions on the CorpDC server: In the Users container, create a group named Managers. Configure the group as follows:Group scope: GlobalGroup type: Security Make the following users members of the Managers group:
Access Active Directory Users and Computers on the CorpDC server.From Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, right-click CorpDC and then select Connect.From Server Manager's menu bar, select Tools > Active Directory Users and Computers.Maximize the window for better viewing. Create a group named Managers in the Users container.From the left pane, expand and select CorpNet.xyz > Users.Right-click the Users container and then select New > Group.You can also create a new group by selecting the Create a new group in the current container icon found in the ribbon.In the Group name field, enter Managers.A pre-Windows 2000 group name will be created automatically, but can be changed.Under Group scope, make sure Global is selected.Under Group type, make sure Security is selected and then select OK. Add user accounts to the Managers group.From the left pane, ensure that the Users container is still selected.From the right pane, right-click Managers and then select Properties.Select the Members tab.Select Add.In the Enter the object names to select field, enter all of the usernames. Use a semicolon to separate each name.Example: Zoelle Hoffer; Peter Williams; Princess DianaSelect Check Names.Select OK to add the users and close the dialog.Select OK to close the Managers Properties dialog.You can also add individual users to a group by right-clicking the user and selecting Add to a group.
You are the IT administrator for a small corporate network. You are using Active Directory on the CorpDC server to provide central management for network resources. Organizational Units (OUs) in the domain have been created to represent the departments in your company. User and computer accounts are in their respective departmental OUs. Over the past few days, several personnel changes have occurred that require changes to the user accounts. In this lab, your task is to use the following information to make the necessary user account changes on CorpDC: For the Accounting department: Disable the Mark Woods account.He has accepted a job at another company. His account will remain disabled until his replacement can be found. Due to a forgotten password, the Mary Barnes account was locked.You need to:Reset the password to asdf1234$.Require a password change at the next logon.Unlock the account. For the Research-Dev department: Enable Pat Benton's account.She is returning from maternity leave. Her account was disabled to prevent logon while she was away. Update Andrea Simmons account information has she was recently married.New account name: Andrea SockoConfigure the account as follows:First name: AndreaLast name: SockoDisplay name: Andrea SockoBoth user logon names: asocko Adam Pascal quit and Stella Hanson was hired in his place. Stella will not start for another two weeks. Update Adam's account as follows:New account name: Stella HansonFirst name: StellaLast name: HansonDisplay name: Stella HansonBoth user logon names: shansonDisable the account to prevent logon until Stella starts. For the Support department: For all users in the Support OU (but not the SupportManagers OU), allow logon to only the Support computer.
Access Active Directory Users and Computers on the CorpDC server.From Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, right-click CorpDC and then select Connect.From Server Manager's menu bar, select Tools > Active Directory Users and Computers.Maximize the window for better viewing. Disable the Mark Woods user account.From the left pane, expand and select CorpNet.xyz > AccountingRight-click Mark Woods and then select Disable Account.Select OK to acknowledge the change. Change Mary Barnes' password and unlock her account.Right-click Mary Barnes and then select Reset Password.Enter and confirm asdf1234$ as the new password.Verify that User must change password at next logon is selected.Verify that Unlock the user's account is selected.Select OK to make the change.Select OK to acknowledge the change. Enable the Pat Benton account.From the left pane, select the Research-Dev OU.Right-click Pat Benton and then select Enable Account.Select OK. Update the Andrea Simmons and Adam Pascal user accounts.In the Research-Dev OU, right-click the user account and select Rename.Enter the new name and press Enter. This opens the Rename User dialog.Change the following fields as is applicable:First nameLast nameDisplay nameUser logon nameUser logon name (pre-Windows 2000)Select OK.Repeat steps 5a - 5d for the remaining user account.Right-click Stella Hanson and select Disable Account, and then select OK. Configure user account restrictions.From the left pane, select the Support OU.Press Ctrl and then select both the Jacob Greenwood and Leslie Hunter users. This lets you edit multiple users at the same time.In Safari, press Command and select each user.Right-click the user accounts and then select Properties.Select the Account tab.Select Computer restrictions.Select Log On To.Select The following computers.In the Computer name field, enter Support and then select Add.Select OK to return to the Properties dialog.Select OK to apply the changes and close the properties dialog.
You work in the IT department. You need to protect your company's computers from malware that uses exploits to spread and infect systems. As part of your protection strategy, you are using Microsoft's Windows Defender Exploit Guard protection. After doing extensive testing, you have determined that all of the exploit protection settings can be turned on without any adverse effects. In this lab, your task is to ensure that all exploit protection system setting will be turned on for all computers using a Group Policy.To complete this task, use the following information: On ITAdmin: Configure the required exploit protection settings. Export the settings to the shared GPO folder located on the CorpDC server. While exporting, use the default filename. On CorpDC: In the CorpNet.xyz domain, create a GPO named Exploit Protection. Enable and configure the Exploit Protection GPO to use the C:\GPO\Settings.xml file located on this machine.
Access the App & browser control settings.Right-click Start and then select Settings.Select Update & security.From the left pane, select Windows Security.From the right pane, select App & browser control. Configure and then export the exploit protection settings. Save the exported file in the GPO share located on the CorpDC computer.From the App & browser control dialog, scroll down to the Exploit protection options.Select Exploit protection settings.Configure each Exploit protection setting to On.Scroll to the bottom and select Export settings.From the left pane, expand and select Network > CorpDC > GPO.In the File name field, use Settings and then select Save.Close the Exploit protection dialog.Close the Windows Settings dialogs. Switch to CorpServer and connect to the CorpDC guest server.From the top navigation area, select Floor 1 Overview.Under Networking Closet, select CorpServer.From Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, double-click CorpDC. Create the Exploit Protection GPO in the CorpNet.xyz domain.From Server Manager's menu bar, select Tools > Group Policy Management.Expand Forest: CorpNet.xyz > Domains.Right-click CorpNet.xyz and then select Create a GPO in this domain, and link it here.In the Name field, use Exploit Protection and then select OK. Access the exploit protection settings.Expand CorpNet.xyz.Right-click Exploit Protection and then select Edit.Maximize the window and expand the left pane for better viewing.Expand and select Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender Exploit Guard > Exploit Protection.From the right pane, double-click Use a common set of exploit protection settings. Enable and configure the exploit protection settings.Select Enabled.In the options pane, enter C:\GPO\Settings.xml and then select OK.
You are the IT Administrator for a small corporate network. To enable central management of network resources, you recently added an Active Directory domain on the CorpDC server . Now, you need to populate user accounts in the domain. In this lab, your task is to create the following user accounts on CorpDC in their applicable OUs: Create each account using the following standards and specifications: Account name: First name and Last name User logon name: firstinitial + [email protected] Initial password: 1234asdf$ Require the user to change the password at the next logon. For the temporary sales employee (Borey Chan):Limit the logon hours to 8:00 a.m. to 5:00 p.m., Monday through Friday.Expire the account on 31 December of the current year.
Access the CorpDC server. From the left pane of Hyper-V Manager, select CORPSERVER. From the Virtual Machines pane, right-click CorpDC and then select Connect. Create the domain user accounts on CorpDC. From Server Manager's menu bar, select Tools > Active Directory Users and Computers. Maximize the window for better viewing. From the left pane, expand and select CorpNet.xyz > OU. This is the OU in which the user will be created. Right-click the OU and then select New > User. You can also create a new user by selecting the Create a new user in the current container icon located in the ribbon. Enter the following values for the new user:First nameLast nameUser logon name (This name is required; the user will use it to log on to the domain.) Select Next. Enter the user account's initial password of 1234asdf$ and confirm it. Verify that User must change password at next logon is marked and then select Next. Review your information and then click Finish to create the user object. Repeat steps 2c - 2i to create the remaining users. Access the account properties for Borey Chan (the temporary sales employee).In Active Directory Users and Computers, browse to the Borey Chan user account (CorpNet.xyz > Sales > TempSales). Right-click Borey Chan and select Properties. Select the Account tab. Modify Borey Chan's logon hours. Select Logon Hours. Select Logon Denied to clear the allowed logon hours. By default, logon is always permitted (every hour box is blue).Drag the mouse to select 8 AM to 5 PM, Monday through Friday. Use the text added to the bottom of the dialog to verify your selected dates and times. Select Logon Permitted to toggle the selected time to the logon times permitted. Select OK . Configure an account expiration date for Borey Chan. Under Account expires, select End of. Use the End of drop-down to select 31 December in the current year. Select OK.
You recognize that the threat of malware is increasing. As such, you would like to use Windows Virus & Threat Protection to protect your computer from malware. In this lab, your task is to enable and configure Windows Virus & Threat Protection as follows: Add a file exclusion for D:\Graphics\cat.jpg. Add a process exclusion for welcome.scr. Locate the current threat definition version number. Answer Question 1. Check for updates. Answer Question 2. Perform a quick scan.
Access the Virus & threat protection options.Right-click Start and then select Settings.Select Update & Security.From the left pane, select Windows Security.Select Virus & threat protection. Add a file exclusion for D:\Graphics\cat.jpg.Under Virus & threat protection settings, select Manage settings.Scroll down to Exclusions and then select Add or remove exclusions.Select Add an exclusion and then select File.From the left pane, browse to and select Local Disk (D:) > Graphics > cat.jpg, and then select Open. Add a process exclusion for welcome.scr.From the Exclusions dialog, select Add an exclusion and then select Process.In the Enter process name field, type welcome.scr and then select Add. Check for protection updates.In the top left, select the back arrow twice to return to the Virus & threat protection page.Scroll down to Virus & threat protection updates and then select Check for updates to access the Protection updates page.In the top right, select Answer Questions.Answer Question 1.Select Check for updates.Answer Question 2. Perform a quick virus scan.In the top left, select the back arrow to return to the Virus & threat protection page.Select Quick scan.Wait for the scan to complete. From the Lab Questions dialog, select Score Lab.
You have a new laptop that is running Windows 10. You notice a security message indicating that Windows Firewall has been disabled. The laptop is currently connected to your organization's network, and the Domain network profile settings are in effect. You plan to travel this week and connect the laptop to various airport Wi-Fi hotspots. You need to enable Windows Firewall for any public network. In this lab, your task is to configure Windows Firewall as follows: Turn on the Windows Firewall for the Public network profile only. In addition to the programs and ports currently allowed, allow the following service and programs through the firewall for the Public network profile only:A service named Key Management ServiceAn application named Arch98An application named Apconf
Access the Windows Firewall settings.Right-click Start and then select Settings.Select Network & Internet.From the right pane, scroll down and select Windows Firewall. From the Windows Security dialog, under Public network, select Turn on. Allows applications to communicate through the firewall for the Public network only.Select Allow an app through Windows Firewall.Select Change settings.For Key Management Service, clear Domain and Private and then select Public.Select Allow another app to configure an exception for an application not currently allowed through the firewall.Select the application from the list and then select Add.For the newly added application, clear Domain and Private and then select Public.Repeat steps 3d - 3f for the remaining application. Select OK.
You have been asked to perform administrative tasks for a computer that is not a member of a domain. You want to stop the system from displaying User Account Control (UAC) prompts when the administrator performs a task that requires administrative permissions. You also want to prevent the standard user accounts on the system from elevating permissions. In this lab, your task is to configure the UAC policies as follows:
Click Start and then expand and select Windows Administrative Tools > Local Security Policy. From the left pane, expand and select Local Policies > Security Options. Maximize the window and then expand the Policy column for better viewing.You can click on the Policy heading to sort the list in reverse alphabetical order. From the middle pane, double-click the policy to be configured. Use the drop-down to configure the appropriate value and then select OK. Repeat steps 4 - 5 to configure the remaining policy.
To help pay your way through your sophomore year in college, you are working part time at a local business. The owner of the business is allowing you to use the company laptop on which to do your school work. Your major requires you to take Latin 101 and you want to create and organize a few goals for this course. In this lab, your task is to: Create a new folder named Latin 101 in the Documents folder on your computer. Copy the D:\course_goals_template.docx file to the Documents\Latin 101 folder. Rename Documents\Latin 101\course_goals_template.docx to Documents\Latin 101\Latin_101_goals.docx.
Create the Latin 101 folder.From the Windows taskbar, select File Explorer.Maximize the window for better viewing.From the left pane, expand and select This PC > Documents.Right-click Documents and then select New > Folder.Type Latin 101 and then press Enter to name the new folder. Copy the course_goals_template.docx file to the Latin 101 folder.From the left pane, select Local Disk (D:).From the right pane, right-click course_goals_template.docx and select Copy.Navigate back to Latin 101 folder.From the left pane, expand and select This PC > Documents.From the right pane, double-click Latin 101.From the right pane, right-click anywhere within the Latin 101 folder and then select Paste. Rename the course_goals_template.docx file to Latin_101_goals.docx.In the Latin 101 folder, right-click course_goals_template.docx and select Rename.Enter the file name as Latin_101_goals.docx and press Enter.
You are the network system administrator for your company. You are concerned about protecting the domain credentials used in your Windows 10 Enterprise environment. You know that, by default, Windows stores credentials in the Local Security Authority (LSA), which is a process in memory. If attackers are able to gain privileged access to an endpoint, they can query the LSA for the secrets in memory and compromise a hash or ticket. The compromised item could be used in a Pass-The-Hash or Pass-The-Ticket attack to elevate privileges further and move laterally within your organization. To help protect these credentials, you have decided to use Windows Credential Guard's virtualization-based security. In this lab, your task is to complete the following on the CorpDC server: For the CorpNet.xyz/Default Domain Policy, enable Device Guard's Virtualization Based Security. Configure Virtualization Based Security using the following specifications:Use a platform security level that only supports computers that do not have DMA hardware.Enforce kernel mode memory protections and ensure that the Code Integrity path is protected. Make sure this setting cannot be disabled remotely.Make sure that Credential Guard cannot be disabled remotely.Enable Secure Launch Configuration.
On CorpDC, access the Group Policy Management Editor.From Hyper-V Manager, select CORPSERVER.From the Virtual Machines pane, double-click CorpDC.From Server Manager's menu bar, select Tools > Group Policy Management.Expand and select Forest: CorpNet.xyz > Domains > CorpNet.xyz > Default Domain Policy.Right-click Default Domain Policy and then select Edit.Maximize the window for better viewing. Enable Virtualization Based Security.From the left pane, expand and select Computer Configuration > Policies > Administrative Templates > System > Device Guard.From the right pane, double-click Turn On Virtualization Based Security.Select Enabled. Configure Virtualization Based Security.Configure the options as follows:Select Platform Security Level: Secure BootVirtualization Based Protection of Code Integrity: Enabled with UEFI lockRequire UEFI Memory Attributes Table: ClearedCredential Guard Configuration: Enabled with UEFI lockSecure Launch Configuration: EnabledSelect OK.
To allow other users access to some content on your computer, you have decided to share two folders. To better control who has access to the data in these folders, you need to configure share and NTFS permissions. In this lab, your task is to share and configure the share and NTFS permissions for these folders as follows:
Open the D: drive.From the Windows taskbar, select File Explorer.From the left pane, expand and select This PC > Data (D:). Configure share permissions for D:\Finances.Right-click Finances and then select Give access to > Specific people.Using the drop-down, select the group Everyone and then select Add.Select the group named Everyone and then select Read/Write.Using the drop-down, select Find People.In the Enter the object names to select field, type Accounting and then select OK.Select Accounting and then select Read/Write.Select Share.Select Done. Configure share permissions for D:\Graphics.Right-click Graphics and then select Give access to > Specific people.Using the drop-down, select the group Everyone and then select Add.Select Everyone and then select Read/Write.Select Share.Select Done. Configure NTFS permissions for the D:\Finances folder.Right-click the Finances and then select Properties.Select the Security tab.Select Advanced to modify inherited permissions.Select Disable inheritance.Select Convert inherited permissions into explicit permissions on this object.Select the group Everyone and then select Remove to remove the group from the access control list.Select Users and then select Remove.Select OK to close the Advanced Security Settings for Finances dialog.Select OK to close the Finances Properties dialog.Because we used the Give access to > Specific people option to add Accounting to the share, that group is already in the ACL and has Allow Full Control NTFS permissions. Configure NTFS permissions for the D:\Graphics folder.Right-click Graphics and then select Properties.Select the Security tab.Select Edit to change permissions for a group.Select the Everyone group.Under Permissions for Everyone, clear Full control, Modify, and Write.Select Add to add a group.In the Enter the object names to select field, enter Marketing and then select OK.With Marketing selected, select Modify. (Leave all other existing permissions as-is.)Select OK to close the Permissions for Graphics dialog.Select OK to close the Graphics Properties dialog.
The Archives folder on your server is shared with the other computers on your network. The share name is Archives. When client computers access a file in the shared folder, you want them to automatically cache a copy of the file. In this lab, your task is to configure the offline settings for the Archives folder as follows: Allow automatic caching of the H:\Archives folder's files. Allow caching of program files to optimize performance.
Open the Projects (H:) drive.From the Windows taskbar, select File Explorer.From the left pane, expand and select This PC > Projects (H:). Configure the offline sharing options.Right-click Archives and then select Properties.Select the Sharing tab.Select Advanced Sharing.Select Caching.Select All files and programs that users open from the shared folder are automatically available offline to configure automatic caching.Make sure Optimized for performance is selected and then select OK. Select OK to close the Advanced Sharing dialog. Select OK to close the Archives Properties dialog.