5. On your Vista computer, attempt to log on twice as testuser1 with an incorrect password. Attempt to log on a third time with the correct password. You should get a message stating that the account is currently locked out.
6. On your server, open Active Directory Users and Computers. Open the Properties dialog box for Test User1, located in TestOU, and click the Account tab. Under the Logon Hours button is a message stating that the account is locked out. Click the Unlock account check box. The account unlocks automatically after the number of minutes in the “Account lockout duration” setting expires, if it's not unlocked manually. Click OK.
7. Attempt to log on from your Vista computer again. You should be successful.
8. Before you go on to the next activity, return policies in Account Lockout Policy to their default settings. On your server, open GPMC, if necessary. Expand the domain node, if necessary, so that you can see the two policies linked to it. Right-click AccountGPO and click Delete. Click OK to confirm the deletion. That's it! No need to remember which policies to undo; by using a second GPO linked to the domain, you can simply link it or unlink it, depending on your policy requirements.
Activity 7-14: Disable Default Auditing
Time Required: 15 minutes
Objective: Disable default event auditing on a domain controller.
Description: Your event logs have become much too large because of Windows Server 2008's default logging. You want to turn off default logging by using the Auditpol command.
1. Log on to your server as Administrator, if necessary.
2. Click Start, point to Administrative Tools, and click Local Security Policy.
3. Click to expand Local Policies, and then click Audit Policy. Verify that all audit policies are set to No auditing, the default setting in Windows Server 2008 and Vista. Not defined is the default setting in the Default Domain Policy and Default Domain Controllers Policy. Close the Local Security Policy MMC.
4. Click Start, point to Administrative Tools, and click Event Viewer. Click to expand Windows Logs in the left pane, and then click the Security log. Scroll through the events displayed in the right pane. You'll probably see quite a few events pertaining to logon, logoff, and directory service access.
5. Right-click the Security log in the left pane and click Clear Log. Click Clear. One new event is created, which indicates the event log was cleared. This event is always logged.
6. On your Vista computer, log off, if necessary, and then log on as testuser1.
7. On your server, right-click the Security log and click Refresh. You should see several events created by the logon from the Vista computer.
8. Open a command prompt window, type auditpol /get /category:* | more, and press Enter. Press the spacebar to page through the resulting display. This command displays all the subcategories of audit policies and their current settings.
9. Type auditpol /clear and press Enter. When prompted, type y and press Enter. Type auditpol /get /category:* | more and press Enter. Press the spacebar to page through the resulting display. Notice that all audit policies have been set to No auditing. This setting comes from the local policy because no audit policies are set in Active Directory.
10. In Event Viewer, clear the Security log again. On your Vista computer, log off and log on again as testuser1. Refresh the Security log again to verify that no new events were created (aside from the event of clearing the log).
11. Close all open windows, and log off Vista.
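
The before-and-after comparison in steps 8 and 9 can also be done from saved output rather than by paging through the display. The following is an added example, not part of the original activity: it parses Auditpol's CSV report mode (the /r switch, for example auditpol /get /category:* /r > before.csv) and lists which subcategories lost auditing coverage after auditpol /clear. The sample reports, the host name SERVER1, the GUID placeholders, and the "before" settings are constructed for illustration.

```python
import csv
import io

# Constructed sample of `auditpol /get /category:* /r` (CSV report) output.
# Host name, GUID placeholders and settings are illustrative, not from the page.
HEADER = ("Machine Name,Policy Target,Subcategory,Subcategory GUID,"
          "Inclusion Setting,Exclusion Setting\n\n")
BEFORE_CLEAR = HEADER + (
    "SERVER1,System,Logon,{GUID-1},Success and Failure,\n"
    "SERVER1,System,Logoff,{GUID-2},Success,\n"
    "SERVER1,System,Directory Service Access,{GUID-3},Success,\n"
    "SERVER1,System,File System,{GUID-4},No Auditing,\n")
AFTER_CLEAR = HEADER + (
    "SERVER1,System,Logon,{GUID-1},No Auditing,\n"
    "SERVER1,System,Logoff,{GUID-2},No Auditing,\n"
    "SERVER1,System,Directory Service Access,{GUID-3},No Auditing,\n"
    "SERVER1,System,File System,{GUID-4},No Auditing,\n")


def parse_report(text):
    """Map each subcategory to the set of outcomes (Success/Failure) it audits."""
    policy = {}
    for row in csv.DictReader(io.StringIO(text)):  # blank rows are skipped
        setting = (row.get("Inclusion Setting") or "").lower()
        policy[row["Subcategory"].strip()] = {
            outcome for outcome in ("Success", "Failure")
            if outcome.lower() in setting}
    return policy


def lost_coverage(before, after):
    """Return {subcategory: [outcomes audited before but no longer audited]}."""
    lost = {}
    for name, outcomes in before.items():
        missing = outcomes - after.get(name, set())
        if missing:
            lost[name] = sorted(missing)
    return lost


def auditing_fully_off(policy):
    """True when every subcategory reports No Auditing, as after auditpol /clear."""
    return all(not outcomes for outcomes in policy.values())


if __name__ == "__main__":
    before, after = parse_report(BEFORE_CLEAR), parse_report(AFTER_CLEAR)
    for name, outcomes in lost_coverage(before, after).items():
        print(f"{name}: no longer audits {', '.join(outcomes)}")
    print("All auditing off:", auditing_fully_off(after))
```

Keeping the "before" report also gives you a record of which subcategories to re-enable when the lab server is returned to its original state.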