Lab Report: 7.1.6 Configure Windows Defender

Lab Report: 7.1.6 Configure Windows Defender Your Performance Your Score: 0 of 6 (0%) Elapsed Time: 12 seconds Pass Status: Not Passed Required Score: 100% Task Summary Perform a full scan once per week Hide Details Perform the scan on Saturday Perform the scan at midnight (12:00 am) Perform a full system scan Check for updates before scanning Configure default actions to take Hide Details Remove severe alert items Remove high alert items Remove medium alert items Allow low alert items Apply recommended actions to items detected during a scan Configure advanced options Hide Details Scan email Scan removable drives Display items from all users of this computer Perform a quick scan Explanation In this lab, your task is to configure Windows Defender as follows: Automatic scanning setting: Frequency: Saturday Approximate time: 12:00 am Type: Full scan (A quick scan checks the areas of the computer that spyware is likely to affect, and a full scan checks all files and programs on the computer) Check for updated definitions before scanning: Enabled Default actions settings: Severe alert items: Remove High alert items: Remove Medium alert items: Remove Low alert items: Allow Apply recommended actions: Enabled Advanced settings: Scan email: Enabled Scan removable drives: Enabled Administrator settings: Display items from all users of this computer: Enabled Complete this lab as follows: 1. Right-click Start > Control Panel. 2. In the top right corner under View by, select Small icons from the drop-down list. 3. Select Windows Defender. 4. Select Tools. 5. Under Settings, select Options. 6. Make sure Automatically scan my computer (recommended) is selected to allow Windows Defender to scan the computer automatically. 7. Configure automatic scanning settings as follows: a. Select the frequency. b. Select the approximate time. c. Select the type of scan. d. Select Check for updated definitions before scanning to make sure definitions are up to date prior to a scan. 8. Configure Default actions settings as follows: a. In the left-side menu, select Default actions. b. Select the Severe alert items. c. Select the High alert items. d. Select the Medium alert items. e. Select the Low alert items. f. Select Apply recommended actions to apply actions when items are detected. 9. Configure Advanced settings as follows: a. In the left menu, select Advanced. b. Select Scan email. c. Select Scan removable drives. 10. Configure Administrator settings as follows: a. In the left menu, select Administrator. b. Select Display items from all users of this computer. 11. Select Save. 12. Select Scan to run a quick scan. Lab Report: 7.3.5 Configure Automatic Updates Your Performance Your Score: 0 of 4 (0%) Elapsed Time: 11 seconds Pass Status: Not Passed Required Score: 100% Task Summary On Support, configure Windows Update Hide Details Install updates on Wednesday Install updates at 2:00 am Allow other users to install updates Include recommended updates On Support, configure driver updates to install if they are not found on the computer On ITAdmin, Enable automatic updates Hide Details Install updates automatically Include recommended updates for other Microsoft products On ITAdmin, configure driver updates to download apps and icons for new devices Explanation In this lab, you perform the following tasks: Configure Windows Update on Support (which is running Windows 7) as follows: Download and install updates automatically each Wednesday at 2:00 am. Include recommended updates. Allow any user on the computer to install updates. Configure driver updates to install drivers if they are not found on the computer. Configure Windows Update on ITAdmin as follows: Configure Windows Update to install updates automatically. Configure Windows Update to install updates for other Microsoft products when Windows is updated. Configure driver updates to download apps and icons for new devices. Complete this lab as follows: 1. On Support, modify Windows Update settings as follows: a. Select Start. b. Select Control Panel. c. Select System and Security. d. Select Windows Update. e. On the left, select Change settings. f. Configure the update day and time. g. Select Give me recommended updates the same way I receive important updates to include recommended updates. h. Select Allow all users to install updates on this computer to allow any user to install updates. i. Click OK. 2. On Support, configure how Windows prompts for updated drivers: a. Select Start. b. Right-click Computer and select Properties. c. On the left, select Advanced system settings. d. Select the Hardware tab. e. Select Device Installation Settings. f. Select the required update option; then click Save Changes. g. Click OK. 3. On ITAdmin, modify Windows Update settings as follows: a. From the top menu, select the Floor 1 location tab. b. Select ITAdmin. c. Select Start. d. Select Settings. e. Select Update & security. f. In Windows Update, select Advanced options. g. From the Choose how updates are installed drop-down list, select Automatically. h. Select Give me updates for other Microsoft products when I update Windows to include recommended updates. 4. On ITAdmin, configure how Windows handles apps and icons for devices: a. Right-click Start and select System. b. On the left, select Advanced system settings. c. Select the Hardware tab. d. Select Device Installation Settings. e. Select Yes; then select Save Changes. f. Select OK. 5. Select Yes; then click Save Changes. 6. Click OK. Lab Report: 7.3.7 Configure Windows Firewall Your Performance Your Score: 0 of 3 (0%) Elapsed Time: 11 seconds Pass Status: Not Passed Required Score: 100% Task Summary Turn Windows Firewall On Hide Details Enable the firewall for the Domain network Profile Enable the firewall for the Public network Profile Configure the program exceptions on the Domain network profile Hide Details Allow Key Management Service through the firewall Allow the Arch98 program through the firewall Allow the Apconf program through the firewall Deny the Windows Media Player program through the firewall Deny the Windows Peer to Peer Collaboration Foundation program through the firewall Configure the program exceptions on the Public network profile Hide Details Allow Key Management Service through the firewall Allow the Arch98 program through the firewall Allow the Apconf program through the firewall Explanation In this lab, you configure Windows Firewall as follows: Turn on Windows Firewall for the Domain and Public network profiles. Allow the following for the Domain and Public network profiles: Key Management Service An application named Arch98 An application named Apconf Remove the following exceptions on the Domain network profile: Windows Media Player Windows Peer to Peer Collaboration Foundation Complete this lab as follows: 1. Right-click Start and select Control Panel. 2. Select System and Security. 3. Select Windows Firewall. 4. Turn the Windows Firewall on as follows: a. On the left, select Turn Windows Firewall on or off to enable the firewall. b. Under Domain network settings, select Turn on Windows Firewall. c. Under Public network settings, select Turn on Windows Firewall. d. Click OK. 5. Allow programs through the firewall as follows: a. On the left, select Allow an app or feature through Windows Firewall to allow a program through the firewall. b. Select Change settings. c. For Key Management Service, mark the exception box in the Domain and Public columns. d. Select Allow another app to configure an exception for an uncommon program. e. Select Arch98 from the list. f. Select Add. g. Make sure the Domain exception box is selected. h. In the Public column, select the exception box. i. Repeat steps 5d–5h for Apconf. 6. Restrict programs through the firewall as follows: a. Under Allowed apps and features, browse to the program. b. For the program, deselect the Domain exception box. c. Click OK. Lab Report: 7.4.5 Manage Services with Group Policy Your Performance Your Score: 0 of 5 (0%) Elapsed Time: 14 seconds Pass Status: Not Passed Required Score: 100% Task Summary Set the Application Identity service to Automatic Set the Remote Registry service to Disabled Set the Routing and Remote Access service to Disabled Set the SSDP Discovery service to Disabled Set the UPnP Device Host service to Disabled Explanation In this lab, you configure the Workstation GPO with the following settings: <ul style="display: flex;"><li style="flex:1">Service </li><li style="flex:1">Setting </li></ul>Application Identity Remote Registry Automatic Disabled Routing and Remote Access Disabled <ul style="display: flex;"><li style="flex:1">SSDP Discovery </li><li style="flex:1">Disabled </li></ul><ul style="display: flex;"><li style="flex:1">Disabled </li><li style="flex:1">UPnP Device Host </li></ul>Complete this lab as follows: 1. From Server Manager, select Tools > Group Policy Management. 2. Expand Forest: CorpNet.com > Domains > CorpNet.com > Group Policy Objects. 3. Right-click WorkstationGPO and select Edit. 4. Under Computer Configuration, expand Policies > Windows Settings > Security Settings. 5. Select System Services. 6. In the right pane, double-click the policy you want to edit. 7. Select Define this policy setting. 8. Select the policy setting; then click OK. 9. Repeat steps 6–8 for each policy setting. Lab Report: 7.5.5 Configure NTFS Permissions Your Performance Your Score: 0 of 4 (0%) Elapsed Time: 13 seconds Pass Status: Not Passed Required Score: 100% Task Summary Give the Accounting Resources group Full Control to D:\Departments\Accounting Give the Research Resources group Full Control to D:\Departments\Research Give the Sales Resources group Full Control to D:\Departments\Sales Give the Support Resources group Full Control to D:\Departments\Support Explanation In this lab, you explicitly add permission assignments using the following: <ul style="display: flex;"><li style="flex:1">Folder </li><li style="flex:1">Domain Local Group </li><li style="flex:1">Permissions </li></ul><ul style="display: flex;"><li style="flex:1">D:\Departments\Accounting </li><li style="flex:1">Accounting Resources </li><li style="flex:1">Full Control </li></ul>D:\Departments\Research D:\Departments\Sales D:\Departments\Support Research Resources Sales Resources Full Control Full Control <ul style="display: flex;"><li style="flex:1">Full Control </li><li style="flex:1">Support Resources </li></ul>Complete this lab as follows: 1. From the taskbar, open File Explorer. 2. Browse to and right-click the folder and select Properties. 3. Select the Security tab. 4. Select Edit. 5. Select Add. 6. In the Enter the object names to select field, type the name of the group that will receive permission to the shared folder; then click OK. 7. Select the group. 8. In the Allow column, select the appropriate permission. 9. Click OK twice. 10. Repeat steps 2-9 for each domain local group. Lab Report: 7.5.6 Disable Inheritance Your Performance Your Score: 0 of 2 (0%) Elapsed Time: 16 seconds Pass Status: Not Passed Required Score: 100% Task Summary Grant the Managers group Allow Full Control to D:\Personnel Prevent inherited permissions on the D:\Personnel folder Hide Details Disable inheritance Remove all inherited permissions from the folder Explanation In this lab, you perform the following tasks: Grant the Managers group the Full Control permission to the D:\Personnel folder. Remove all inherited permissions that are flowing to the D:\Personnel folder. Complete this lab as follows: 1. Configure NTFS permissions as follows: a. From the taskbar, open File Explorer. b. Browse to the folder you need to modify permissions for. c. Right-click the folder and select Properties. d. Select the Security tab. e. Select Edit. f. Select Add. g. Enter the name of the group that will receive permission to the folder. h. Click OK. i. With the Managers group selected, select the appropriate NTFS permission. j. Click OK. 2. Prevent inherited permissions from parent objects as follows: a. On the Security tab, select Advanced. b. Select Disable inheritance. c. Select Remove all inherited permissions from this object. d. Click OK to close the Advanced Security Settings for Personnel dialog. e. Click OK to close the Properties dialog. Lab Report: 7.9.4 Configure Advanced Audit Policy Your Performance Your Score: 0 of 9 (0%) Elapsed Time: 16 seconds Pass Status: Not Passed Required Score: 100% Task Summary Enable Audit Policies Hide Details Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings:--Enabled Audit: Shut down system immediately if unable to log security audits--Enabled Enable Event Log Policy Hide Details Retention method for security log: Enabled--do not overwrite events (clear log manually) Enable Account Logon Audit Policy Hide Details Audit Credential Validation: Success and Failure Enable Account Management Audit Policies Hide Details Audit User Account Management: Success and Failure Audit Security Group Management: Success and Failure Audit Other Account Management Events: Success and Failure Audit Computer Account Management: Success Enable Detailed Tracking Audit Policy Hide Details Audit Process Creation: Success Enable Logon-Logoff Audit Policies Hide Details Audit Logon: Success and Failure Audit Logoff: Success Enable Policy Change Audit Policies Hide Details Audit Authentication Policy Change: Success Audit Audit Policy Change: Success and Failure Enable Privelege Use Audit Policy Hide Details Audit Sensitive Privilege Use: Success and Failure Enable System Audit Policies Hide Details Audit System Integrity: Success and Failure Audit Security System Extension: Success and Failure Audit Security State Change: Success and Failure Audit IPsec Driver: Success and Failure Explanation In this lab, you configure the following audit policy settings in WorkstationGPO as follows: <ul style="display: flex;"><li style="flex:1">Local Policies </li><li style="flex:1">Setting </li></ul>Enabled Enabled Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings Audit: Shut down system immediately if unable to log security audits <ul style="display: flex;"><li style="flex:1">Event Log </li><li style="flex:1">Setting </li></ul>Retention method for security log Enabled: Do not overwrite events (clear log manually) Advanced Audit Policy Configuration Account Logon: Audit Credential Validation Account Management: Audit User Account Management Account Management: Audit Security Group Management Account Management: Audit Other Account Management Events Account Management: Audit Computer Account Management Detailed Tracking: Audit Process Creation Logon/Logoff: Audit Logon Setting Success and Failure Success and Failure Success and Failure Success and Failure Success Success Success and Failure <ul style="display: flex;"><li style="flex:1">Success </li><li style="flex:1">Logon/Logoff: Audit Logoff </li></ul>Policy Change: Audit Authentication Policy Change Policy Change: Audit Audit Policy Change Privilege Use: Audit Sensitive Privilege Use System: Audit System Integrity Success Success and Failure Success and Failure Success and Failure Success and Failure Success and Failure Success and Failure System: Audit Security System Extension System: Audit Security State Change System: Audit IPsec Driver Edit audit policies as follows: 1. From Server Manager, select Tools > Group Policy Management. 2. Expand Forest: CorpNet.com > Domains > CorpNet.com > Group Policy Objects. 3. Right-click WorkstationGPO and select Edit. 4. Under Computer Configuration, expand Policies > Windows Settings > Security Settings. 5. Modify Local Policies as follows: a. Expand Local Policies. b. Select Security Options. c. In the right pane, double-click the policy you want to edit. d. Select Define this policy setting. e. Select the policy settings as required. f. Click OK. g. Click Yes to confirm changes as necessary. h. Repeat steps 5c–5g for additional policy settings. 6. Modify the event log as follows: a. In the left pane, select Event Log. b. In the right pane, double-click the policy you want to edit. c. Select Define this policy setting. d. Select the policy settings as required. e. Click OK. 7. Modify Advanced Audit Policy Configuration as follows: a. In the left pane, expand Advanced Audit Policy Configuration > Audit Policies. b. Select the audit policy category. c. In the right pane, double-click the policy you want to edit. d. Select Configure the following audit events. e. Select the policy settings as required. f. Click OK. g. Repeat steps 7b–7f for additional policy settings. Lab Report: 7.9.6 Enable Device Logs Your Performance Your Score: 0 of 3 (0%) Elapsed Time: 20 seconds Pass Status: Not Passed Required Score: 100% Task Summary Enable logging and the Syslog aggregator Set RAM memory logging to Critical Set Flash memory logging to Alerts Explanation In this lab, you perform the following: Enable Logging and the Syslog aggregator Configure RAM memory logging as follows: Emergency, Alert, and Critical: Enable Error, Warning, Notice, Informational, and Debug: Disable Configure Flash memory logging as follows: Emergency and Alert: Enable Critical, Error, Warning, Notice, Informational, and Debug: Disable Complete this lab as follows: 1. From the left menu, expand the Administration. 2. Expand System Log. 3. Select Log Settings. 4. Under Logging, select Enable. 5. Under Syslog Aggregator, select Enable. 6. Under RAM Memory Logging, enable and disable the appropriate settings. 7. Under Flash Memory Logging, enable and disable the appropriate settings.

Lab Report: 7.1.6 Configure Windows Defender

Details

Download

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

Support