# Lab 5.0: ADDS Group Policy ### Summary This lab was very straight forward except I hit a roadblock when it came to the `disablelastlogin`. Overall it was a very fun lab and I hope I do well when everything is deleted. ### Assessment Prep Remember to enable ICMP on windows and follow my documentation. ### Commands / Steps 1. To add an Organization Unit or OU * Go to `tools` then select `Active Directory Users and Computers` * Right-click on name.local `new` then `Organizational Unit` * Now create `Accounts`, `Computers`, `Groups` 2. To add users to the OU * Right-click on the Accounts `New` then `User` 3. To add a computer to an OU * Do the same as before except select `Computer` instead of `User` 4. Creating Group Policy for OU * Select your `Groups` then right-click on the Accounts `New` then `Group` * Here you want to add the users to that policy 5. Group Policy Management * Go to `tools` then select `Group Policy Management` * Select the OU created before and `Create a GPO in this domain, and Link it here...` * Now remove `Authenticated Users` and add the name of the Group Policy created before * Next add the `Domain Computers` so this affects all computers in the Domain * Next got to `Delegations` tab and to `Domain Computers` and change the Permissions so Deny is checked for `Apply Group Policy` To Clear Login After Every Logout \* Create `DisableLastLogin` under the `Computers` OU \* Now remove `Authenticated Users` and add the name of the Group Policy created before \* Next add the `Domain Computers` so this affects all computers in the Domain \* Make sure `Apply Group Policy` is checked under the `Delegation` tab for `Domain Computers` \* Now right click on `DisableLastLogin` and select edit `Computer Config/Policies/Windows Settings/Security Settings/Local Policies/Security Options` right click on `Security Options` then find `Don't display last signed-in` and enable PLEASE HIT APPLY WHEN YOU WANT TO CHANGE POLICY 1. To edit this new GPO * Right-click and select `Edit` * Now if you want to remove the recyling bin navigate to `User Configuration/Administrative Temp/Desktop` and under desktop will be everything that can be changed 2. To check if GPO is applied * On a domain computer and login then pull up a power shell and type `gpresult /r` * under `Applied Group Policy Objects` will show what rules are applied * `gpudate /force` = will update the group policy by force * `gpresult /scope computer /r` = shows what is applied to current computer --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://paul-gleason.gitbook.io/sys-255-system-admin-and-network-services-i/labs/lab-5.0-adds-group-policy.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.