Tuesday, May 1, 2012

Securing Client Computers - Windows Server 2003 Part One

·         For this example I created two Windows Server 2003 virtual machines. Computer01 was made a domain controller by using the dcpromo command. The new domain created was called contoso.local

·         The network adapters were set to host-only and the IP addresses for manually configured for my local network. Computer01 was given the IP address, while Computer02 was given

·         After configuring the local network, I made sure I was able to reach each computer. I used the ping command in the command line to insure each computer was able to reach the other.

Software Restriction Policies
·         Before setting up a software restriction policy, you should create a user account in active directory users and computers. For this exercise, I created myself and account.

·         Select  the Users OU, right click it and select new user.

·         Fill out the user information and select a logon name. This will be important to remember when testing the new software restriction policies.

·         After creating the new user, I created a new OU named Students. This OU will contain the software restriction policies that put certain restrictions on users in this OU.

·         After creating this new OU, move the newly created user account into it. Right click the user account and select move. From here you can select the Students OU. For the user account to work properly you should allow the account to log on locally. You can set this under the security policy.  Alternatively, you can logon to the account from Computer02 without problem.

·         After successfully creating your user account, you will want to create a new group policy object (GPO). Right click the Students OU and select properties. From here, select the Group Policy tab.

No comments:

Post a Comment