INTRODUCTION
In this exercise, you will configure security settings in Active Directory that help protect your organization from outdated authentication methods, unauthorized changes, and improper account usage.
Imagine you are the IT administrator responsible for keeping your company’s network safe. Just like you wouldn’t give everyone a master key to the office or allow old locks to stay on the doors, you need to make sure your digital environment is secure.
Here’s what you will do in this exercise:
- Restrict NTLM authentication for the domain: NTLM is a legacy challenge-response protocol. It has no mutual authentication, its challenge-response can be captured and cracked offline, and it is the protocol that relay and pass-the-hash attacks depend on. Denying it in the domain forces clients and servers onto Kerberos; anything that can only speak NTLM will stop authenticating, so the setting is normally audited before it is enforced.
- Enable auditing of user account management in the Sydney OU: This records when user accounts are created, enabled, disabled, deleted, changed or locked out on the computers the policy applies to. It is like a security camera that records who made each change, which helps you spot mistakes and suspicious activity.
- Deny log on as a service to members of a security group: Some accounts should never run background services, because a service account whose credentials are compromised gives an attacker persistent, unattended access. Denying this right to the group enforces that rule and makes any attempt to misuse those accounts fail.
By the end of this exercise, you will understand how to apply practical security policies that help protect user accounts, monitor administrative activity, and prevent risky account usage. These are common tasks IT administrators perform to keep systems compliant and safe from threats.
Part 1 – Restrict NTLM Authentication
Here you will block NTLM authentication across the domain.
Steps:
On TAILWIND-DC1, open Server Manager.
From the Tools menu, select Group Policy Management.
Expand forest: tailwindtraders.internal → Domains → tailwindtraders.internal → Group Policy Objects.
Right-click Default Domain Controllers Policy → choose Edit.
In the Group Policy Management Editor:
Go to:
Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Security Options.
Find and double-click:
Network security: Restrict NTLM: NTLM authentication in this domain.
Check Define this policy setting.
Select Deny all → click OK.
When prompted, click Yes to confirm the change.
Close the Group Policy Management Editor.
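The same change made from the console, with an audit stage in front of it. This is an added example, not the lab's own script: it assumes the GroupPolicy module (RSAT) on TAILWIND-DC1 and the GPO name used above. "Audit NTLM authentication in this domain" and "NTLM authentication in this domain" are both backed by DWORD values under the MSV1_0 key, where 7 is the "Audit all" / "Deny all" choice shown in the editor.

```powershell
# Added example for Part 1 (not part of the original exercise). Assumes the
# GroupPolicy module on TAILWIND-DC1 and the GPO name used in the lab.
Import-Module GroupPolicy

$Gpo = 'Default Domain Controllers Policy'
# Registry location that backs the "Network security: Restrict NTLM: ..." options
$Key = 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Set-NtlmInDomainPolicy {
    # Mode 'Audit' = "Audit NTLM authentication in this domain" (log only)
    # Mode 'Deny'  = "NTLM authentication in this domain"       (block)
    # Value 7 is the "Audit all" / "Deny all" choice in the Group Policy editor.
    param([Parameter(Mandatory)][ValidateSet('Audit', 'Deny')][string]$Mode)

    $valueName = if ($Mode -eq 'Audit') { 'AuditNTLMInDomain' } else { 'RestrictNTLMInDomain' }
    Set-GPRegistryValue -Name $Gpo -Key $Key -ValueName $valueName -Type DWord -Value 7 | Out-Null
    # Read it back so the caller can confirm what the GPO now carries
    Get-GPRegistryValue -Name $Gpo -Key $Key -ValueName $valueName
}

function Get-NtlmDomainAuditSummary {
    # Summarise what the domain controller wrote to its NTLM operational log
    # while audit mode was active; each Event ID is shown with one sample message.
    param([int]$MaxEvents = 5000)

    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-NTLM/Operational' } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Group-Object Id |
        Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count,
                      @{ n = 'Sample';  e = { ($_.Group[0].Message -split "`r?`n")[0] } } |
        Sort-Object Count -Descending
}

# 1. Stage: audit only, refresh policy on this DC, run normal workloads, then review.
Set-NtlmInDomainPolicy -Mode Audit
gpupdate.exe /target:computer /force | Out-Null
Get-NtlmDomainAuditSummary

# 2. Enforce only when the audit summary shows nothing you still depend on.
# Set-NtlmInDomainPolicy -Mode Deny
```

Because this writes the value through the GPO's registry policy rather than through the Security Options template, the editor shows it under Administrative Templates as an extra registry setting instead of under Security Options; the domain controller applies the same registry value either way. Leave audit mode on long enough to cover month-end jobs and other infrequent activity, since every source that appears in the summary will fail to authenticate once Deny all is in force.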
Part 2 – Audit User Account Management in the Sydney OU
This links a new GPO to the Sydney OU and turns on auditing of user account management (creation, deletion, enabling and disabling, password resets and similar changes) on the computers that policy applies to.
Steps:
On TAILWIND-DC1, open Server Manager.
From the Tools menu, select Group Policy Management.
Expand tailwindtraders.internal.
Right-click the Sydney OU → select Create a GPO in this domain, and Link it here….
Name the new policy SydneyOUPolicy → click OK.
Right-click SydneyOUPolicy → select Edit.
In the Group Policy Management Editor:
Go to:
Computer Configuration → Policies → Windows Settings → Security Settings → Advanced Audit Policy Configuration → Audit Policies → Account Management.
Double-click Audit User Account Management.
Check Configure the following audit events.
Select both Success and Failure → click OK.
Close the Group Policy Management Editor.
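Once the policy has applied, the two things to check are the effective audit setting and the events it produces. The script below is an added example, not part of the lab; it assumes it is run with rights to read the Security log on a computer that SydneyOUPolicy applies to (or on TAILWIND-DC1), and the list of Event IDs is the subset of the User Account Management subcategory this exercise is concerned with.

```powershell
# Added example for Part 2 (not part of the original exercise). Assumes rights
# to run auditpol and read the Security log on the target computer.

function Get-EffectiveUserAccountAuditSetting {
    # auditpol reports the policy actually in force after Group Policy applied,
    # which is what matters; the GPO alone proves nothing until it has refreshed.
    $line = auditpol.exe /get /subcategory:"User Account Management" |
        Where-Object { $_ -match 'User Account Management' } |
        Select-Object -First 1
    if     ($line -match 'Success and Failure') { 'Success and Failure' }
    elseif ($line -match 'Success')             { 'Success' }
    elseif ($line -match 'Failure')             { 'Failure' }
    else                                        { 'No Auditing' }
}

# Event IDs from the User Account Management subcategory used in this example
$AccountMgmtEvents = @{
    4720 = 'User account created'
    4722 = 'User account enabled'
    4724 = 'Password reset attempted'
    4725 = 'User account disabled'
    4726 = 'User account deleted'
    4738 = 'User account changed'
    4740 = 'User account locked out'
    4767 = 'User account unlocked'
}

function Get-UserAccountChanges {
    # Pull the events and flatten the XML EventData into who did what to whom.
    param([int]$MaxEvents = 200, [string]$ComputerName = $env:COMPUTERNAME)

    $filter = @{ LogName = 'Security'; Id = @($AccountMgmtEvents.Keys) }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $x = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Time     = $_.TimeCreated
                EventId  = $_.Id
                Action   = $AccountMgmtEvents[[int]$_.Id]
                Target   = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
                Actor    = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                Computer = $_.MachineName
            }
        }
}

Get-EffectiveUserAccountAuditSetting
Get-UserAccountChanges | Format-Table -AutoSize
```

These events are written on the computer that processes the change. For local accounts that is the member computer; for domain accounts it is the domain controller that handled the request (lockouts are reported on the PDC emulator). A GPO linked to the Sydney OU applies to the computer objects inside that OU, so if the goal is to see changes to domain user objects, the same audit setting also has to reach the domain controllers.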
Part 3 – Deny Log On As a Service
Here you will prevent members of the Sydney Administrators group from logging on as a service.
Steps:
On TAILWIND-DC1, open Server Manager.
From the Tools menu, select Group Policy Management.
Expand the tailwindtraders.internal domain.
Right-click SydneyOUPolicy (created earlier) → select Edit.
In the Group Policy Management Editor:
Go to:
Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → User Rights Assignment.
Double-click Deny log on as a service.
Check Define this policy setting.
Click Add User or Group.
In the Select Users or Groups window:
Click Browse → Advanced → Find Now.
Select the Sydney Administrators group.
Click OK in each dialog (about 4–5 confirmations) until you are back at the User Rights Assignment list, then close the Group Policy Management Editor.
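Before the deny right takes effect, any service already configured to run as a member of Sydney Administrators will stop starting, so it is worth finding those first and then confirming the right actually landed. The script below is an added example, not part of the lab; it assumes the ActiveDirectory module, the group name used in this exercise, and local administrator rights on the computers it checks.

```powershell
# Added example for Part 3 (not part of the original exercise). Assumes the
# ActiveDirectory module, the group name from the lab, and admin rights.
Import-Module ActiveDirectory

function Get-ServicesRunningAsGroupMembers {
    # Services that already run under a member of the group will fail to start
    # once "Deny log on as a service" applies, so list them before enforcing.
    param(
        [string]$GroupName = 'Sydney Administrators',
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    $members = Get-ADGroupMember -Identity $GroupName -Recursive |
        Where-Object objectClass -eq 'user' |
        ForEach-Object { $_.SamAccountName.ToLowerInvariant() }

    foreach ($computer in $ComputerName) {
        Get-CimInstance -ClassName Win32_Service -ComputerName $computer |
            Where-Object { $_.StartName } |
            ForEach-Object {
                # StartName is "DOMAIN\user", "user@domain" or a built-in such as LocalSystem
                $account = (($_.StartName -split '\\')[-1] -split '@')[0].ToLowerInvariant()
                if ($members -contains $account) {
                    [pscustomobject]@{
                        Computer = $computer
                        Service  = $_.Name
                        RunsAs   = $_.StartName
                        State    = $_.State
                    }
                }
            }
    }
}

function Test-DenyServiceLogonApplied {
    # Export the effective local security policy and check that the group's SID
    # appears under SeDenyServiceLogonRight, the "Deny log on as a service" right.
    param([string]$GroupName = 'Sydney Administrators')
    $sid = (Get-ADGroup -Identity $GroupName).SID.Value
    $inf = Join-Path $env:TEMP 'user_rights.inf'
    secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
    # secedit writes SIDs with a leading asterisk, e.g. SeDenyServiceLogonRight = *S-1-5-21-...
    $line = Get-Content $inf | Where-Object { $_ -like 'SeDenyServiceLogonRight*' }
    Remove-Item $inf -ErrorAction SilentlyContinue
    [bool]($line -and ($line -match [regex]::Escape("*$sid")))
}

Get-ServicesRunningAsGroupMembers | Format-Table -AutoSize
gpupdate.exe /target:computer /force | Out-Null
Test-DenyServiceLogonApplied
```

Run the check on a computer whose object sits in the Sydney OU, since that is where SydneyOUPolicy is linked; on TAILWIND-DC1 itself the function returns False, because domain controllers live in their own OU and receive the Default Domain Controllers Policy instead.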
Conclusion
In this exercise, you learned how to configure security settings to protect systems and user accounts from potential threats. By applying these configurations, you strengthened overall system security and ensured that users operate within a safe and controlled environment.