Overview

Introduction

Welcome to the Implement Security Best Practices to Secure a Workstation Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Implement Security Best Practices to Secure a Workstation

After completing this lab, you will be able to:

  • Create a User Account
  • Configure User Account Properties
  • Configure a Password Policy
  • Configure a Password Protected Screensaver
  • Manage Guest and Admin Accounts via Group Policy

Exam Objectives

The following exam objectives is covered in this lab:

  • 220-1002: 2.5 Given a scenario, implement security best practices to secure a workstation

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1 - Implement Security Best Practices to Secure a Workstation

Each Windows system is capable of creating and storing user accounts. However, when a user account is created in a Windows system, it cannot be used outside the system. For example, you cannot use this account to authenticate yourself for connecting to a shared folder. A local user, which is created on a Windows system, has its password information stored locally. A local user is limited to log on to the local system only.

A domain-based user account is created in Active Directory. A server is designated as a domain controller that contains the users and groups. A domain-based user can access various applications and network shares depending upon where the permissions have been granted. At the same time, a domain-based user can be part of one or more groups. When permissions are granted to a group on a shared folder, for example, the users part of this group are also assigned permissions automatically. A domain-based user can log on to multiple Windows systems, which are part of a Windows domain.

Active Directory represents a tree-like structure. At the top level, there is a forest, which contains sites and domains are then part of a site. A domain can contain multiple organizational units. A domain has specific security boundary. There can be multiple domains in a single forest, and each one will have its own security boundary. If you configure a policy in one domain, it does not overlap to the other domain.

In this exercise, you will perform various tasks, such as creating a user account, setting password options, configuring a password protected screen saver, and renaming/disabling user accounts.

Learning Outcomes

After completing this exercise, you will be able to:

  • Create a User Account
  • Configure User Account Properties
  • Configure a Password Policy
  • Configure a Password Protected Screensaver
  • Manage Guest and Admin Accounts via Group Policy

Exercise 2 - Perform a Clean Install

An operating system can be installed using multiple methods. Some of these methods are listed below:

  • Unattended installation
  • In-place upgrade
  • Clean install
  • Repair installation
  • Multiboot
  • Remote network installation
  • Image deployment
  • Recovery partition
  • Restore/Refresh

For all the methods listed above, the actual process of installation remains the same. Only the choice of boot device differs. In this exercise, you will perform a clean install.

Learning Outcomes

After completing this exercise, you will be able to:

  • Perform a Clean Install
  • Create a Recovery partition
  • Prepare for an Unattended Installation

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.