Managing Authorization and Authentication

Practice Labs Module
13 minutes

The "Managing Authorization and Authentication" module provides you with the instructions and devices to develop your hands-on skills in the following topics: Creating workgroups, Joining computers to domain, Working with local user accounts, Managing credentials in Windows Credentials Manager, Working with Microsoft account, Managing...

Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »



The Managing Authorization and Authentication module provides you with the instructions and devices to develop your hands-on skills in the following topics.

  • Creating workgroups
  • Joining computers to domain
  • Working with local user accounts
  • Managing credentials in Windows Credentials Manager
  • Working with Microsoft account
  • Managing Credential Guard
  • Managing User Account Control (UAC) settings

Exam Objectives

The following exam objectives are covered in this lab.

  • Learn how to configure workgroups in Windows 10
  • Know how to join a Windows 10 computer to a domain
  • How to create a local user account in Windows 10
  • Add credentials to the Windows Credential Manager
  • Show how to add a Microsoft account
  • Enable Credential Guard using Group Policy
  • Demonstrate how to change UAC settings in Windows 10

Lab Duration

It will take approximately 75 minutes to complete this lab.

Exercise 1 - Creating Workgroups

Domains, workgroups and homegroups are different methods of organizing computers in Windows networks. The key difference among them is how the computers and resources like folders, files and printers are managed.

Computers in a corporate environment are usually members of a Windows domain. The user accounts in a domain are centralized on a server called domain controller (DC). The DC performs authentication of all users who log on to a domain. When signed on to the domain, a user is given access to network-wide resources based on his role in the organization.

A workgroup is a collection of individual computers in a small network typically composed of 10 workstations or less. A user whose computer is in a workgroup must manually share resources to make them available to other computers in the workgroup.

In this exercise, you will initially remove Windows 10 and Windows 8.1 from the domain. You will configure the removed computers to become members of a workgroup. Finally, you will verify if the workgroup members are able to view and access each other in the network.

Exercise 2 - Joining Computers to Domain

Computers that are members of a Windows Active Directory domain are given access to network-wide resources like file/print services, shared Internet connection, application services like e-mail or databases and many more. Access corporate-wide resources are typically granted by the administrators responsible for maintaining the network.

In this exercise, you will join computers to domain network.

Exercise 3 - Working with Local User Accounts

There are three user accounts in Windows 10 that exist locally on every computer such as the Administrator account, DefaultAccount, and the Guest account. All these accounts are disabled by default.

You can create local user accounts with or without administrative rights in Windows 10. The local user accounts exist locally on the computer where it has been created. The profile folder of the local user account is created by default on account creation.

In this exercise, you will work with local user accounts.

Exercise 4 - Managing Credentials in Windows Credential Manager

Windows 10 provides the Windows Credential Manager that helps modify, delete, back up, or restore the credentials that are used regularly on the system. The Credential Manager is located in the Control Panel. The credentials are stored in two different categories, namely Web and Windows. The Windows category includes the credentials that are used on the computer, such as the user logon credentials and Outlook mail credentials. The Web category includes the credentials that are used on web sites, such as Twitter credentials, Skype credentials or any other credentials that are used to log on to a web site. The Windows credentials can be edited, removed, backed up, or restored using the Credential Manager. However, the Web credentials can only be removed using the Credential Manager.

In this exercise, you will add credentials to the Windows Credential Manager.

Exercise 5 - Working with Microsoft Account

You can use a single Microsoft account to sign in from different devices. This single account also helps you synchronize your personal settings across various Windows-based devices.

In this exercise, you will create a Microsoft account and connect it to your local computer account.

Exercise 6 - Managing Credential Guard

As the name suggests, Credential Guard provides additional security to the derived domain credentials used on your system, by isolating them from the operating system. To do this, Credential Guard uses virtualization-based security. In this security mode, the credentials are stored in a protected environment that is isolated from the operating system running on the computer. This ensures that unauthorized access to these credentials is completely blocked. As a result, credential theft attack, such as pass-the-hash and pass-the-ticket can be prevented.

In this exercise, you will manage Credential Guard using group policy.

Exercise 7 - Managing User Account Control (UAC) Settings

User Account Control (UAC) acts as a security feature in Windows 10. It blocks malware and the unauthorized installation of harmful apps on the computer. UAC safeguards the computer’s system settings. It allows Windows 10 users to log in to the computer using the standard user account.

In this exercise, you will manage UAC settings.

Learning Partner
Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.