Working with Windows Accounts and Security Policies

Hands-On Lab

 

Photo of Bob Salmans

Bob Salmans

Security Training Architect I in Content

Length

00:30:00

Difficulty

Beginner

In this lab, we will learn how to configure Windows accounts and security policies. Specifically, we will set password requirements, configure account lockout settings, and create a temporary user account that expires in one week. NOTE: Once the lab is ready, please wait 2 additional minutes before attempting to remote desktop to the Windows machine. Prior to that, the provided credentials will not work. This is because the Windows machine runs several preparation scripts once it starts.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Working with Windows Accounts and Security Policies

Introduction

In this lab, we will learn how to configure Windows accounts and security policies. Specifically, we will set password requirements, configure account lockout settings, and create a temporary user account that expires in one week.

Setting Up the Environment

  1. Use RDP (Remote Desktop) to connect to the public IP address of the instance on port 3389.
  2. Log in with the credentials provided on the lab instructions page.

Set Password Requirements on the Local Server

  1. From your desktop, click the start menu and open the Server Manager.
  2. Click Tools > Local Security Policy.
  3. Click the arrow next to Account Policies, and select Password Policy.
  4. Configure the following:
    • Maximum password length: 12 characters
    • Minimum password age: 3 days
    • Maximum password age: 180 days

Configure the Account Lockout Settings

  1. In the left panel of the Server Manager window, click Account Lockout Policy.
  2. Set the following values:
    • Account lockout threshold: 3 invalid logon attempts
    • Account lockout duration: 10 minutes
  3. Click OK for both Suggested Value Changes messages.

Create a Temporary User Account

  1. Locate the Command Prompt application in the Start menu.
  2. Right-click on the application name, and select Run as administrator.
  3. Click Yes.
  4. Add a user called contractor1.
    net user contractor1 Pinehead123abc! /add
  5. Type Y at the prompt.
  6. Set an account expiration date of one week from today. (Substitute <MM/DD/YYYY> with the date seven days from now.)
    net user contractor1 /expires:"<MM/DD/YYYY>"

Conclusion

Congratulations, you've successfully completed this hands-on lab!