Microsoft Virtual Labs Express

Introduction to Windows Server

2003 Management
Introduction to Windows Server 2003 Management

Table of Contents
Introduction to Windows Server 2003 Management................................................................. 1
Exercise 1 Introduction to Group Policy .......................................................................................................................2
Exercise 2 Security Configuration Wizard ....................................................................................................................4
Introduction to Windows Server 2003 Management

Introduction to Windows Server 2003

Management
After completing this lab, you will be better able to:
Objectives ƒ Create a Group Policy
ƒ View a Resultant Set of Policy
ƒ Use the Security Configuration Wizard
In this lab, you will take a look at two of the most important management tools in
Scenario Windows Server 2003: Group Policy and the Security Configuration Wizard.

Estimated Time to 15 Minutes

Complete This Lab

Computers used in this

Lab SEA-DC-01

SEA-WRK-01

The password for the Administrator account on all computers in this lab is:
MSEvent.123

Page 1 of 6
Introduction to Windows Server 2003 Management

Exercise 1
Introduction to Group Policy

Scenario
In this exercise, you will take a look at a few of the basics of Group Policy.
Complete this exercise using:

SEA-DC-01

SEA-WRK-01

Tasks Detailed Steps

Complete the following a. Click Start | Administrative Tools | Group Policy Management.
task on: b. In the console tree, expand Forest: CONTOSO.COM, expand Domains, expand
CONTOSO.COM.
SEA-DC-01 c. Right-click Group Policy Objects, click New.
1. Create a Group d. In the New GPO dialog box, type Default User Policies, and then click OK.
Policy
e. Click Group Policy Objects.
f. Right-click Default User Policies, and click Edit.
g. In the Group Policy Object Editor, under User Configuration, expand
Administrative Templates
h. Click Start Menu and Taskbar.
i. In the details pane, double-click the Remove Run Menu from Start menu policy,
click Enabled.
The setting is now Enabled
j. For more information about the policy, click the Explain tab.
k. Click OK.
l. Click File, and then click Exit to close the Group Policy Object Editor.
m. In the Group Policy Management console, right-click the Sales and Marketing
OU, and then click Link an Existing GPO...
n. Click Default User Policies, and then click OK.
o. Double click Default User Policies, and then click the settings tab.
The settings for the policy are displayed.
Complete the following a. Switch to the SEA-WRK-01 machine by clicking SEA-WRK-01 link in the My
task on: Machines browser.
b. On the Client computer SEA-WRK-01, click Start | Log-off, and then click Log
SEA-WRK-01 Off.
2. Verify that the policy Since this is a virtual machine the normal CTRL+ALT+DEL will take effect on your
has taken effect. computer, do not press CTRL+ALT+DEL
c. At the Welcome screen, press ALT+DEL.

Page 2 of 6
Introduction to Windows Server 2003 Management
Tasks Detailed Steps
d. Type lking in the user name box and type MSEvent.123 in the Password box, and
then click OK.
Logging on to a client workstation as any user under the Sales and Marketing OU,
including child OUs, will apply the Default User Policies GPOs. The Run option is
disabled.
e. Click Start.
You will notice that the Run option is not available from the Start menu If the Run
menus is still there, log off and then back on to allow more time for the policy to
change.
Complete the following a. Switch to the SEA-DC-01 machine by clicking the SEA-DC-01 link in the My
task on: Machines browser.
b. In the console tree, right-click Group Policy Modeling, and then click Group
SEA-DC-01 Policy Modeling Wizard.
3. Resultant Set of c. In the Group Policy Modeling Wizard, click Next.
Policies d. Click Next.
e. In the User information area, select Container and then click Browse.
f. Expand Contoso.com, click Sales and Marketing, and then click OK.
g. In the Computer information area, select Container, and then click Browse.
h. Expand Contoso.com, click Computers, and then click OK.
i. Click Next.
Advanced Simulation Option can be select here
j. Click Next.
You can add different User Security groups for the simulation.
k. Click Next.
You can add different Computer Security groups for the simulation.
l. Click Next.
You can include Windows Management Instrumentation (WMI) filters for Users to the
simulation.
m. Click Next.
You can include Windows Management Instrumentation (WMI) filters for Computers
to the simulation.
n. Click Next.
A summary of the selections is displayed.
o. Click Next, and then click Finish.
p. Click the Setting tab.
Here you can examine the settings applied, and see what GPO applied them.
q. Close the Group Policy Management Console.

Page 3 of 6
Introduction to Windows Server 2003 Management

Exercise 2
Security Configuration Wizard

Scenario
In this exercise, you will use the Security Configuration Wizard.

Tasks Detailed Steps

1. Use the Security The Security Configuration Wizard is not installed by default after you install
Configuration Windows Server 2003 Service Pack 1. You will need to go through the Add/Remove
Wizard. Windows Components applet in Control Panel to install the Wizard.
a. Click Start | Control Panel | Add/Remove Programs | Add/Remove Windows
Components.
b. Click to select Security Configuration Wizard, and then click Next.
c. Click Finish, and then close Add/Remove Programs.
d. Click Start | Administrative Tools | Security Configuration Wizard.
You should note the message that is highlighted with the yellow yield sign. The
message indicates that the wizard will detect inbound ports that are being used by this
server. This requires that all applications that use inbound ports be running before
you run the Wizard and create the security policy.
e. Click Next.
You can create a new policy, edit an existing policy, apply an existing policy, or
rollback the last applied policy.
f. Click Create a new security policy, then click Next.
g. Click Next.
Security policies are created as XML files, using the XML file extension. The default
security policy storage location is C:\WindowsSecuritymsscwpolicies. You can provide
a description with each security policy, which is extremely useful if you have a
multitude of policies.
When you work with the security policy XML file, you won’t be working with the file
as a whole, you will be working with the file in different sections. These sections are
organized and referenced within the Security Configuration Wizard interface using a
security configuration database structure. You can view the security configuration
database using the SCW Viewer.
h. Click View Configuration Database.
The SCW Viewer allows you to see all of the settings that are configured in the
security policy, without viewing the native XML code or using an XML viewer.
i. Click the triangle next to Application Server.
j. Close the SCW Viewer, and then click Next.
Once the security configuration database is generated, you will work within the
Security Configuration Wizard to make the security settings desired for a server or
group of servers. The Wizard will walk you through an assortment of sections related
to the roles and functions that the server is responsible for.
This section provides a way to configure the services that are installed and available
based on the server’s role and other features. The Wizard is not designed to install
components or set up a server to perform specific roles. Instead, it is designed to
enable services and open ports based on a list of server roles and client features.
k. Click Next.

Page 4 of 6
Introduction to Windows Server 2003 Management
Tasks Detailed Steps
A list of the roles is displayed, the installed roles are selected.
l. Click Next.
A list of the client features is displayed; the installed client features are selected.
m. Click Next.
A list of the Administrative and other options are displayed, the installed options are
selected.
n. Click Next.
A list of additional services installed on the server is displayed.
o. Click Next.
Handling Unspecified Services, these services that do not appear in the SCW database
and are not installed on the server.
p. Click Next.
A list of services are displayed that will be changed based on the Roles, Features and
Options you selected.
q. Click Next.
This section is designed to configure inbound ports using Windows Firewall. The
configurations will be based on the roles and administration options that were
selected in the previous section. You will also be able to restrict access to ports and
configure port traffic to be signed or encrypted using IPSec.
r. Click Next.
A list of ports is displayed. The list indicates if the port will be explicitly open,
blocked, or for an approved application.
s. Click Next.
This section is designed to configure protocols used to communicate with computers
on the network.
t. Click Next.
This section determines if SMB Security Signatures are enabled
u. Click Next.
This section determines if LDAP signing is required by the security policy
v. Click Next.
w. Click Next.
x. Click to select the Windows 2000 SP3 or later check box, and then click Next.
This section determines methods used for when making outbound connections.
y. Click Next.
This section determines the LAN Manager authentication level when making outbound
connections.
z. Click Next.
This area displays a summary of the registry settings to be changed based on your
selections.
aa. Click Next.
This section will configure the auditing of the server based on your auditing
objectives. The audit policy within the Wizard can be configured to not audit any
events, audit only successful events, or audit both successful and unsuccessful events.
The audit policy will not only configure the Object Access events, but the entire audit
policy list of events.
bb. Click Next.
cc. Click Next.

Page 5 of 6
Introduction to Windows Server 2003 Management
Tasks Detailed Steps
A summary of the Audit Policies are displayed.
dd. Click Next.
This section will only display if you selected the server to run the Web server role.
This section is designed to configure the security aspects of Internet Information
Services (IIS).
ee. Click Next.
Select Web Service Extensions for Dynamic Content
ff. Click Next.
Select Virtual Directories to Retain
gg. Click Next.
Prevent Anonymous Users from Accessing Content Files
hh. Click Next.
A summary of the changes to be made to IIS are displayed
ii. Click Next.
Save the Security Policy
jj. Click Next, and then click View Security Policy.
kk. Close the SCW viewer
ll. Type Test for the name of the security policy
mm. Click Next.
Do Not Restart the Server
nn. Click OK, click Next and then click Finish.

Thank you for attending Microsoft Virtual Labs Express. Do

you want more time? Would you like more comprehensive
content? Take a 90-minute Microsoft Virtual Lab today!

ƒ TechNet Virtual Labs for IT Pros:

http://www.microsoft.com/technet/traincert/virtuallab

ƒ MSDN Virtual Labs for Developers:

http://msdn.microsoft.com/virtuallabs

Page 6 of 6