Name:_____Aryan __Soi________________

COMP2017 Server Administration

Unit #7: Exploring Group Policy
Objectives
Configure a local computer policy
Configure the processing order of group policy
Block group policy inheritance
Enable group policy enforcement
Requirements
Active Directory Installed on a parent and Child Domain Controller
The child domain controller configured to use the parent DC as the preferred DNS server.
Configuration Summary
Textbook Reference

Role

Domain

RWDCxx (Odd-numbered computers)

Domain Controller (DC)

lastname.local

RWDCyy (Even-numbered computers)

Member Server

lastname.local

SCDCxx (Server Core Installation)

Domain Controller (DC)
lastname.local
NOTE: RWDCzz Means perform these steps on both the parent and child domain controller.
Procedure
Complete Project 7-1, with the following exceptions;
Part A
Skip the first 6 steps that use the answer file to demote the DC.
Instead, run the dcpromo command from the server manager or cmd prompt to demote
RWDC02 manually.
*delete the domain because this is the last DC in the domain
*When asked to CHOOSE CREDENTIALS, click SET and specify an enterprise admin account
in the lastname.local domain.
Continue with Part A, STEP 7
For step 11 you can follow this tech note to join to server to the lastname.local domain.
http://technet.microsoft.com/en-us/library/cc770919%28WS.10%29.aspx
PART B Include screen shot after step 9
The relevant screen-shot is shown below. The properties menu gets removed after
applying the Local Computer Policy:

Complete Project 7-2, as described.

Include a screenshot demonstrating part A after step7 and B after step 2

The following screenshot demonstrates part A after step7:

The following screenshot demonstrates part B after step2:

Complete Project 7-3, as described.

Include a screenshot after step 3 and step 9.

The following screenshot for after step 3:

The following screenshot for after step 9:

*** Complete the Post-Lab clean up as described.

Note that no-override means enforced

Review Questions
1) If there is a conflict between a setting configured in the Local Computer Policy and a
setting configured in a domain-linked GPO, which policy setting will be applied?
Ans: The setting configured in a domain-linked GPO will be applied.
2) If multiple policies are configured at the domain level and you only want one of those
policies to flow down to a given OU:
a) What should you do to that OU?
Ans: The Block Inheritance setting can be used on the OU to prevent unwanted policies to
flow down to the given OU.
b) What should you do to the policy that you want to flow down?
Ans: In order to allow the one desired policy to flow down to the OU from the domain
level, the Link an Existing GPO setting can be used to select this policy.
3) The Enforce setting on a GPO overrides which GPO control measure?
Ans: The Enforce setting on a GPO overrides the Block Inheritance setting. It also
protects the GPO and its settings from being overridden by a later GPO.

Evaluation (10 Marks)

Completion of Projects
Questions

8M
2M