Professional Documents
Culture Documents
PROJECT PLAN
Date: 04/14/2020
Samantha Hernandez
samhern1@uat.edu
1|Page
Executive Summary
learn how to deploy GPO’s, learning how businesses submit requirements, and discuss the
Project Report
Utilize Routing and Remote Access (RRAS) to connect the remote site’s stand-alone server to
the domain. As well as creating a group policy plan to comply with the board’s directives listed.
machines/
https://improveandrepeat.com/2018/03/internet-explorer-on-windows-server-enable-file-
downloads/
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-
antivirus/use-group-policy-windows-defender-antivirus
https://social.technet.microsoft.com/Forums/lync/en-US/207ef293-2a5c-461a-aafb-
630caacd3d56/enforcing-kiosk-mode-via-gpo-or-other-methods?forum=winserverGP
2|Page
Introduction
The following report was designed for use in the University of Advancing Technology
NTW216 Foundations of System Administration Course within the network engineering degree
path. The information presented in this document is to establish password and system security
requirements within the company network domain. By enabling the Routing and Remote Access
(RRAS) feature within the Windows Server 2016 VM, we are allowing remote connection for
the entire company to effectively be able to work possibly from home or from their own mobile
device. As well as configuring a group policy plan and deploying it to the appropriate GPO’s on
the domain.
GPOs
The imposed GPO changes will meet the needs of the organization by implementing
changes for each computer/user located within the network of the Lab Rats Inc company. By
doing these changes with the Group Policy Management tool you ensure each user/computer
found in your network has implied these necessary changes, which ultimately saves time and
energy by allowing one change to be done to all other users within company structure. GPOs
allow the administrators to easily customize policies for a group of users to limit or expand their
one trusted web browser to be used throughout the company to minimize troubleshooting and
security occurrences.
3|Page
Figure 1. Group Policy Management.
Figure 3. OU.
4|Page
Figure 4. Created OU.
Creating a new organizational unit (OU) happens within the Server Manager application.
First, click on “Tools” located on the top right hand of your screen and select “Group Policy
Management”. Then, expand your “Forest” and “Domains” and right click on the chosen domain
name. Next, click on “Create a GPO in this domain and Link it here…”. Finally, type in the
Going back to the Server Manager screen, click on “Tools” and select “Active Directory
Users and Computers”. Then, right-click on the domain name, hover over “New” and select
“Organizational Unit”. Finally, type in the desired name and click “Ok”.
Back to the Group Policy Management, right click on the previous created OU and select
“Link an Excising GPO”. Next, click on the created domain and click “Ok” as you are finished
creating an OU.
5|Page
Board of Directors Policies
6|Page
Figure 8. Google Chrome.
7|Page
Figure 11. AD Users & Computers.
Before configuring the policies within the group policy management, giving your user
account the permission of two different important admins will allow you to configure the policies
needed with no problem. First within the Server Manager application, click on “Tools” and select
“Active Directory Users and Computers”. Next, click on “Users” and double click your named
user account. Select the “Member Of” tab and click “Add”. Type “Domain Admin” and
“Enterprise Admin”. Finally, click “Ok”, “Apply”, and “Ok” as you have given yourself god
access.
8|Page
Configuring the policies happens within the Group Policy Management Editor, which
was opened from the Server Manager previously. In order to configure the password policy, right
click on the created policy and select “Edit”. Next, expand the “Computer Configuration”,
“Policies”, and “Windows Settings”. Click on “Security Settings”, “Account Policies”, and
“Password Policy”. Then, change each policy within listed to the adequate setting needed and
In order to configure the accounting departments wallpaper settings, expand the “User
“Desktop” and double click on “Desktop Wallpaper”. Then, select the option “Enable” and type
in the wallpaper path. Finally, change the “Wallpaper Style” to “Fill” and click “Apply” and
“Ok”
In order to configure the Google Chrome as the only web browser, open the “Internet
Explorer Web Browser” and the settings dialog box. Next, click on the “Security” tab and select
“Custom level...”. Select the “Enable” option and click “Ok”. Exit out the settings dialog box. In
the web browser engine, type “Google Support page” and click “Enter”. Then, download the
“policy template zip file” and click “Save” and “Show in Folder”. Right click on the
“policy_templates” folder and select “Extract All”. In the pop-up window, select the folder and
click “Extract”. Once extraction is finished, open up the “Windows” folder and the “admx”
folder. Right click on the “chrome.admx” file and select “Copy”. Open the “Run” window and
type “%systemroot%\PolicyDefinitions” and click “Ok”. Right click on the empty space and
select” Paste”. In the pop-up window, click “Continue”. Minimize the current window and in the
previous window, right click the “chrome.adml” file and select “Copy”. Open the “Run” window
9|Page
space and select “Paste”. In the pop-up window, click “Continue”. Open the “Run” window and
type “gpedit.msc” and click “Ok”. Under the “Computer Configuration”, expand the
“Administrative Templates” and scroll down to look for the Google Chrome software as it has
In order to configure the anti-virus software within the organizations within the “Group
Policy Management Window”, expand “Group Policy Object” and right click on the GPO
previously created. Select “Edit” and within the “Computer Configuration” section, expand the
Then, click on “Windows Defender Antivirus” and select the “Custom User Interface”. Finally,
In order to configure the kiosk method, open the selected GPO to apply the settings to.
Under the “User Configuration” section, click on “Administrative Templates” and select
“System”. Next, double click on “Custom User Interface” and select the “Enable” option. Then,
in the interface file name box type in “c:\program files\internet explorer\iexplore.exe”. Finally,
click “Ok” and close the window as the kiosk has been set.
To configure the kiosk settings, within the “Computer Configuration” section, click on
“Administrative Templates”. Next, click on “Internet Explorer” and configure the settings
needed. Repeat this process for the User Configuration section as well.
10 | P a g e
Routing & Remote Access (RRAS)
11 | P a g e
Figure 16. Server Installation Complete.
12 | P a g e
Figure 19. Configuration.
Installing the Routing and Remote Access Server happens within the Server Manager
application. First, click on the “Add roles and features” and continue clicking “Next” until you
get to the “Server Roles” section. In the “Server Roles” section, select the “Remote Access”
option and click “Next”. Continue clicking “Next” until you get to the “Role Services” section.
Then, select the “DirectAccess and VPN (RAS)” option and click “Next”. Once at the
“Installation” section, click “Install”. In the “Configure Remote Access” window pop-up, select
the option that best suites the company or purpose. Once in the configuration window, right click
on your server and select “Configure and Enable Routing and Remote Access”. Next, select
13 | P a g e
“Custom Configuration” and “VPN Access”. Click “Next” and “Finish”. Continue by clicking
“Ok” on the pop-up window. Finally, click “Start Service” as the Remote Access feature is ready
to be put to use.
Kiosk
The implementation on the kiosk policy to allow the marketing department to go mobile
meaning they can access anything they are authorized to view on the go. Many businesses
worldwide have implemented this feature based on a mobile app where it has certain restrictions
and can be used worldwide when traveling outside the country. The cost to produce a mobile app
that would serve as a kiosk would be about a total of $3,440. This mean price budget includes all
the necessaries like management software, 24/7/365 technical support, installation, and an initial
project management fee of $300. Products that would comply with a full kiosk definition would
most likely be tablets and iPads since they are portable enough to take on the go when traveling,
especially in an airport setting. Keep in mind the more security implementation desired for the
14 | P a g e
References
Brinkmann, M. (2015, April 1). How to install chrome policy templates on Windows machines.
templates-on-windows-machines/
Computerwurld. (2018, June 6). How to Install Chrome Group Policy Templates. Retrieved
from https://www.youtube.com/watch?v=t-c8-j0myMo
Graber, J. (2018, March 20). Internet explorer on Windows Server: Enable file downloads.
server-enable-file-downloads/
Letsielo. (2009, August 18). Enforcing kiosk mode via GPO or other methods. Retrieved from
https://social.technet.microsoft.com/Forums/lync/en-US/207ef293-2a5c-461a-aafb-
630caacd3d56/enforcing-kiosk-mode-via-gpo-or-other-methods?forum=winserverGP
Microsoft. (2018, September 3). Configure Windows defender antivirus with group policy -
us/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-
windows-defender-antivirus
15 | P a g e