You are working on securing your Windows Servers, and as part of the effort, you want to make sure that only the correct people can log into them. You want to make sure that the employees on the sales team cannot access the servers via remote desktop. In order to do this, in this hands-on lab, you are going to create a Group Policy to deny access to any user in the **Sales** group if they try to log in.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Configure the Active Directory Domain Services Environment
- Confirm the private IP address of the domain controller VM is set to Static
- Install Active Directory Domain Services
- Restrict Access to Domain Controller Using Group Policy Object
- Configure the following users and groups:
- Create the Domain Admin user
- Create a Sales group
- Create an awesomesales user and add it to the Sales group
- Download the
configureusersandgroupPowerShell script from the GitHub repository
- Create a Group Policy Object
- Deny remote access to the Sales group using the Deny log on through Remote Desktop Services group setting
- Configure the following users and groups:
- Confirm Sales User Cannot Remotely Connect to Domain Controller
- Log in to the VM
- Attempt to remote into the domain controller virtual machine using the Sales user account
- Confirm that the settings have been applied by the GPO
