LAB RATS INC.

PROJECT PLAN

Project GPO’s & Security

Date: 04/14/2020

This Report was prepared by:

Samantha Hernandez

samhern1@uat.edu

1|Page
 Executive Summary

Introduction to the report

Objectives are understanding the steps for configuring password policies in active directory,

learn how to deploy GPO’s, learning how businesses submit requirements, and discuss the

thought processes and hurdles for the project.

Project Report
Utilize Routing and Remote Access (RRAS) to connect the remote site’s stand-alone server to

the domain. As well as creating a group policy plan to comply with the board’s directives listed.

References for the report

https://www.ghacks.net/2015/04/01/how-to-install-chrome-policy-templates-on-windows-

machines/

https://improveandrepeat.com/2018/03/internet-explorer-on-windows-server-enable-file-

downloads/

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-

antivirus/use-group-policy-windows-defender-antivirus

https://social.technet.microsoft.com/Forums/lync/en-US/207ef293-2a5c-461a-aafb-

630caacd3d56/enforcing-kiosk-mode-via-gpo-or-other-methods?forum=winserverGP

2|Page
 Introduction
The following report was designed for use in the University of Advancing Technology

NTW216 Foundations of System Administration Course within the network engineering degree

path. The information presented in this document is to establish password and system security

requirements within the company network domain. By enabling the Routing and Remote Access

(RRAS) feature within the Windows Server 2016 VM, we are allowing remote connection for

the entire company to effectively be able to work possibly from home or from their own mobile

device. As well as configuring a group policy plan and deploying it to the appropriate GPO’s on

the domain.

GPOs
The imposed GPO changes will meet the needs of the organization by implementing

changes for each computer/user located within the network of the Lab Rats Inc company. By

doing these changes with the Group Policy Management tool you ensure each user/computer

found in your network has implied these necessary changes, which ultimately saves time and

energy by allowing one change to be done to all other users within company structure. GPOs

allow the administrators to easily customize policies for a group of users to limit or expand their

permissions according to software. As well as restricting the company guidelines by allowing

one trusted web browser to be used throughout the company to minimize troubleshooting and

security occurrences.

3|Page
Figure 1. Group Policy Management.

Figure 2. Create a GPO.

Figure 3. OU.

4|Page
Figure 4. Created OU.

Creating a new organizational unit (OU) happens within the Server Manager application.

First, click on “Tools” located on the top right hand of your screen and select “Group Policy

Management”. Then, expand your “Forest” and “Domains” and right click on the chosen domain

name. Next, click on “Create a GPO in this domain and Link it here…”. Finally, type in the

desired name and click “Ok”.

Going back to the Server Manager screen, click on “Tools” and select “Active Directory

Users and Computers”. Then, right-click on the domain name, hover over “New” and select

“Organizational Unit”. Finally, type in the desired name and click “Ok”.

Back to the Group Policy Management, right click on the previous created OU and select

“Link an Excising GPO”. Next, click on the created domain and click “Ok” as you are finished

creating an OU.

5|Page
 Board of Directors Policies

Figure 5. Password Policy.

Figure 6. Accounting Dept. Wallpaper.

Figure 7. Configuring Wallpaper Policy.

6|Page
Figure 8. Google Chrome.

Figure 9. Windows Defender Setup.

Figure 10. Computer Kiosk.

7|Page
Figure 11. AD Users & Computers.

Figure 12. User’s Member Of.

Before configuring the policies within the group policy management, giving your user

account the permission of two different important admins will allow you to configure the policies

needed with no problem. First within the Server Manager application, click on “Tools” and select

“Active Directory Users and Computers”. Next, click on “Users” and double click your named

user account. Select the “Member Of” tab and click “Add”. Type “Domain Admin” and

“Enterprise Admin”. Finally, click “Ok”, “Apply”, and “Ok” as you have given yourself god

access.

8|Page
 Configuring the policies happens within the Group Policy Management Editor, which

was opened from the Server Manager previously. In order to configure the password policy, right

click on the created policy and select “Edit”. Next, expand the “Computer Configuration”,

“Policies”, and “Windows Settings”. Click on “Security Settings”, “Account Policies”, and

“Password Policy”. Then, change each policy within listed to the adequate setting needed and

click “Apply” and “Ok”.

In order to configure the accounting departments wallpaper settings, expand the “User

Configuration”, “Policies”, “Administrative Templates” and “Desktop”. Next, click on

“Desktop” and double click on “Desktop Wallpaper”. Then, select the option “Enable” and type

in the wallpaper path. Finally, change the “Wallpaper Style” to “Fill” and click “Apply” and

“Ok”

In order to configure the Google Chrome as the only web browser, open the “Internet

Explorer Web Browser” and the settings dialog box. Next, click on the “Security” tab and select

“Custom level...”. Select the “Enable” option and click “Ok”. Exit out the settings dialog box. In

the web browser engine, type “Google Support page” and click “Enter”. Then, download the

“policy template zip file” and click “Save” and “Show in Folder”. Right click on the

“policy_templates” folder and select “Extract All”. In the pop-up window, select the folder and

click “Extract”. Once extraction is finished, open up the “Windows” folder and the “admx”

folder. Right click on the “chrome.admx” file and select “Copy”. Open the “Run” window and

type “%systemroot%\PolicyDefinitions” and click “Ok”. Right click on the empty space and

select” Paste”. In the pop-up window, click “Continue”. Minimize the current window and in the

previous window, right click the “chrome.adml” file and select “Copy”. Open the “Run” window

and type “%systemroot%\PolicyDefinitions\en-US” and click “Ok”. Right-click on the empty

9|Page
space and select “Paste”. In the pop-up window, click “Continue”. Open the “Run” window and

type “gpedit.msc” and click “Ok”. Under the “Computer Configuration”, expand the

“Administrative Templates” and scroll down to look for the Google Chrome software as it has

been successfully added to the network.

In order to configure the anti-virus software within the organizations within the “Group

Policy Management Window”, expand “Group Policy Object” and right click on the GPO

previously created. Select “Edit” and within the “Computer Configuration” section, expand the

“Policies”. Next, click on “Administrative Templates” and expand “Windows Components”.

Then, click on “Windows Defender Antivirus” and select the “Custom User Interface”. Finally,

configure the needed setting within for security or restrictions.

In order to configure the kiosk method, open the selected GPO to apply the settings to.

Under the “User Configuration” section, click on “Administrative Templates” and select

“System”. Next, double click on “Custom User Interface” and select the “Enable” option. Then,

in the interface file name box type in “c:\program files\internet explorer\iexplore.exe”. Finally,

click “Ok” and close the window as the kiosk has been set.

To configure the kiosk settings, within the “Computer Configuration” section, click on

“Administrative Templates”. Next, click on “Internet Explorer” and configure the settings

needed. Repeat this process for the User Configuration section as well.

10 | P a g e
 Routing & Remote Access (RRAS)

Figure 13. Add Roles and Features.

Figure 14. Remote Access Server.

Figure 15. Roles Services.

11 | P a g e
Figure 16. Server Installation Complete.

Figure 17. Configure Remote Access.

Figure 18. Enable Remote Access.

12 | P a g e
Figure 19. Configuration.

Figure 20. Remote Access Service Setup.

Installing the Routing and Remote Access Server happens within the Server Manager

application. First, click on the “Add roles and features” and continue clicking “Next” until you

get to the “Server Roles” section. In the “Server Roles” section, select the “Remote Access”

option and click “Next”. Continue clicking “Next” until you get to the “Role Services” section.

Then, select the “DirectAccess and VPN (RAS)” option and click “Next”. Once at the

“Installation” section, click “Install”. In the “Configure Remote Access” window pop-up, select

the option that best suites the company or purpose. Once in the configuration window, right click

on your server and select “Configure and Enable Routing and Remote Access”. Next, select

13 | P a g e
“Custom Configuration” and “VPN Access”. Click “Next” and “Finish”. Continue by clicking

“Ok” on the pop-up window. Finally, click “Start Service” as the Remote Access feature is ready

to be put to use.

Kiosk
The implementation on the kiosk policy to allow the marketing department to go mobile

meaning they can access anything they are authorized to view on the go. Many businesses

worldwide have implemented this feature based on a mobile app where it has certain restrictions

and can be used worldwide when traveling outside the country. The cost to produce a mobile app

that would serve as a kiosk would be about a total of $3,440. This mean price budget includes all

the necessaries like management software, 24/7/365 technical support, installation, and an initial

project management fee of $300. Products that would comply with a full kiosk definition would

most likely be tablets and iPads since they are portable enough to take on the go when traveling,

especially in an airport setting. Keep in mind the more security implementation desired for the

kiosk software the higher the price will be.

14 | P a g e
 References
Brinkmann, M. (2015, April 1). How to install chrome policy templates on Windows machines.

Retrieved from https://www.ghacks.net/2015/04/01/how-to-install-chrome-policy-

templates-on-windows-machines/

Computerwurld. (2018, June 6). How to Install Chrome Group Policy Templates. Retrieved

from https://www.youtube.com/watch?v=t-c8-j0myMo

Graber, J. (2018, March 20). Internet explorer on Windows Server: Enable file downloads.

Retrieved from https://improveandrepeat.com/2018/03/internet-explorer-on-windows-

server-enable-file-downloads/

Letsielo. (2009, August 18). Enforcing kiosk mode via GPO or other methods. Retrieved from

https://social.technet.microsoft.com/Forums/lync/en-US/207ef293-2a5c-461a-aafb-

630caacd3d56/enforcing-kiosk-mode-via-gpo-or-other-methods?forum=winserverGP

Microsoft. (2018, September 3). Configure Windows defender antivirus with group policy -

Windows security. Retrieved from https://docs.microsoft.com/en-

us/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-

windows-defender-antivirus

15 | P a g e