70-687 Configuring Windows 8 LAB 7 CONTROLLING ACCESS TO LOCAL HARDWARE AND APPLICATIONS
THIS LAB CONTAINS THE FOLLOWING EXERCISES AND ACTIVITIES:
Exercise 7.1 Installing Remote Server Administration Tools
Exercise 7.2 Configuring Removable Storage Access Policies
Exercise 7.3 Using AppLocker
Lab Challenge Creating an AppLocker Rule Based on File Hash
Exercise 7.1 Installing Remote Server Administration Tools Overview In this exercise, you will install the Remote Server Administration Tools on a computer running Windows 8 so that you can use Active Directory tools and other administrative tools on a Windows 8 worktsation. Mindset Since users work from their client computers, it is always convenient to have the Remote Server Administration Tools available on the administrator’s client computer. `Completion time 20 minutes 70-687 Configuring Windows 8
Which two tools are used to administer users for Active Directory? Question 1
11. Take a screen shot of the Administrative Tools window by pressing Alt+Prt Scr and then paste the resulting image into the Lab 7 worksheet file in the page provided by pressing Ctrl+V.
[copy screen shot over this text]
Exercise 7.2 Configuring Removable Storage Access Policies Overview In this exercise, you will restrict the ability to write to an optical disk.
Mindset To prevent users from copying confidential information to a removable disk, you can create Removable Storage Access Policies. Completion time 15 minutes
Which policy setting prevents writing to a USB device? Question 2
16. Take a screen shot of the Group Policy Management Editor window by pressing Alt+Prt Scr and then paste the resulting image into the Lab 7 worksheet file in the page provided by pressing Ctrl+V.
[copy screen shot over this text]
Exercise 7.3 Using AppLocker 70-687 Configuring Windows 8
Overview In this exercise, you will use AppLocker to restrict access to an application.
Mindset To control what applications a user can run on her machine, you can create a GPO that will restrict or allow applications. Completion time 15 minutes
Based on the default rules that appear in the Executable Rules folder, which programs can a typical user run on a Windows 8 workstation? Which programs can members of Question the Administrators group run? 3
Based on the default rules that appear in the Windows Installer Rules folder, which Windows Installer files can a typical user run on a Windows 8 workstation? Which Question Windows Installer files can members of the Administrators 4 group run?
Why is it necessary to create the additional rule for the Group Policy Creator Owners group? Question 5
19. Take a screen shot of the Group Policy Management Editor console displaying the contents of the Executable Rules container by pressing Alt+Prt Scr and then 70-687 Configuring Windows 8
paste the resulting image into the Lab 7 worksheet file in the page provided by pressing Ctrl+V.
[copy screen shot over this text]
Lab Challenge Creating an AppLocker Rule Based on File Hash Overview In this exercise, you will create a rule that will deny users from running the Math Input Panel (mip.exe) based on the file hash.
Mindset Sometimes, when administrators block a file based on a specific path, some users will try to install or copy a file to a different folder and run the program from there. You can block a file based on file hash, which will stop the program from running no matter where it is being executed from. Completion time 10 minutes
During this exercise, you will create an AppLocker rule that will deny users from running the Math Input Panel based on file hash. The Math Input Panel file is located at C:\Program Files\Common\microsoft shared\ink\mip.exe. Write out the procedure you used to configure the settings, and then take a screen shot of the container where the settings are located by pressing Alt+Prt Scr and then paste the resulting image into the Lab 7 worksheet file in the page provided by pressing Ctrl+V.
[copy screen shot over this text]