ITF (FC0-U61) Skills Lab: Password Policies

Exercise 1: Configure Local Password Policy

Task 1: Remove Windows Computer from the Domain

  1. Connect to the Virtual Machine

    • Begin by connecting to the Windows Server 2019 virtual machine and log in. This machine is a domain member.

  2. Open PowerShell

    • Click the search bar and type PowerShell, then open Windows PowerShell.

  3. Remove the Computer from the Domain

    • Run the following command in PowerShell: 
      Remove-Computer
    • When prompted, type Y to confirm.

  4. Restart the Computer

    • Run the following command in PowerShell: 
      Restart-Computer
    • The computer will automatically restart.

  5. Proceed to the Next Task

    • Once the restart is complete, the computer is no longer part of the domain.

Task 2: Modify Local Security Policy

  1. Open Local Security Policy

    • Log in to the Windows Server 2019 VM.
    • Open Server Manager, click the Tools tab, and select Local Security Policy.

  2. Configure Password Policies

    • Navigate to Account Policies > Password Policy.
      • Minimum Password Length: Right-click, select Properties, set to 7 characters, and click OK.
      • Enforce Password History: Right-click, select Properties, set to 24 passwords remembered, and click OK.
      • Maximum Password Age: Right-click, select Properties, set to 30 days, and click OK.

  3. Configure Account Lockout Policies

    • Navigate to Account Policies > Account Lockout Policy.
      • Account Lockout Threshold: Right-click, select Properties, set to 3 invalid attempts, and click OK.
        • Click OK in the Suggested Value Changes pop-up.
      • Account Lockout Duration: Right-click, select Properties, set to 0, and click OK.

  4. Close Local Security Policy

    • Exit the Local Security Policy window after completing the configurations.

Task 3: Create a Local User for Testing Local Password Policy

  1. Open Computer Management

    • Right-click the Start button and select Computer Management.

  2. Create a New User

    • Expand Local Users and Groups > Users.
    • Right-click the Users folder and select New User.
    • Enter the username and password, retype the password, and uncheck User must change password at next logon.
    • Click Create, then close the dialog box.

  3. Close Computer Management

    • Exit the Computer Management window.

Task 4: Allow Log On via Remote Desktop

  1. Enable Remote Desktop Access

    • Right-click the Start button, select System, and navigate to Remote Desktop.
    • Scroll to User Accounts, click Select users that can remotely access this PC, and select Add.
    • Enter Authenticated Users and click OK.

  2. Sign Out

    • Right-click the Start button, select Shut down or sign out, and then select Sign out.

Task 5: Verify Local Password and Security Policy

  1. Test Password Policy

    • Log in using the new user account.
    • Press CTRL+ALT+DEL, select Change a Password, and intentionally create a password that does not meet the policy.
    • Repeat this step three times to lock out the account.

  2. Unlock the Account

    • Log back in as an administrator, open Computer Management, and navigate to Local Users and Groups > Users.
    • Right-click the locked-out user, select Properties, uncheck Account is locked out, and click OK.

  3. Close Computer Management

    • Exit the Computer Management window.

Exercise 2: Enforce Domain Password Policy

Task 1: Modify Domain Security Policy

  1. Open Group Policy Management

    • Log in to the Windows Server 2019 VM (domain controller).
    • In Server Manager, select Tools > Group Policy Management.

  2. Edit Default Domain Policy

    • Expand the Domains folder, locate the domain, right-click Default Domain Policy, and select Edit.
    • Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
      • Configure:
        • Enforce Password History: 24 passwords remembered.
        • Maximum Password Age: 20 days.
        • Minimum Password Age: 0 days.
        • Minimum Password Length: 10 characters.

  3. Configure Account Lockout Policy

    • Navigate to Account Policies > Account Lockout Policy.
      • Configure:
        • Account Lockout Duration: 0.
        • Account Lockout Threshold: 3 invalid attempts.
        • Reset Account Lockout Counter After: 30 minutes.

  4. Apply Policy Changes

    • Open Windows PowerShell and run the command: 
      gpupdate /force
    • Close all windows and sign out.

Task 2: Verify Domain Security Policy

  1. Test Account Lockout

    • Log in to a Windows 10 VM (domain member) using a test account.
    • Enter incorrect passwords until the account locks out.

  2. Unlock the Account

    • Log in to the Windows Server 2019 domain controller.
    • Open Active Directory Users and Computers, expand the Domain > NAmerica > Operations folder, locate the user, and right-click Properties.
    • On the Account tab, uncheck Account is locked out, and click OK.

  3. Close All Windows

    • Exit all applications and complete the lab.

Completion

You have successfully completed the virtual lab for configuring and enforcing password policies.

Previous

ITF+ Module 6
Next

ITF+ Module 8