Name : Bari Hade Variant Wahono

Position : Tier 1 Support

Date : 16/12/2019

DAILY TRAINING REPORT

List of training tasks carried out today include :

A. Basic Administration
1. Remote Access
Description :
Remote access is a facility in a computer which functions to indirectly control the
computer using a network or internet connection. This facility is very useful for the support
team to control other computers if needed through a computer network.
To perform remote activities to another computer Windows 10, the steps are as shown
below :
- Open Remote Desktop Connection

Fig. 1.1 Open Remote Desktop Connection from Windows Search

Remote Desktop Connection can be accessed through Windows 10 Application List or
from Windows Search.
- Then, a Remote Desktop Connection Window will appear that requires a Computer
Name / IP Address, Username, and Password to access it. For example, as shown
below :
 Fig. 1.2 Remote Desktop Connection Window
- Next, enter the Computer Name / IP Address of targeted computer.

Fig. 1.3 Entering the IP Address of targeted computer

Because the information from the targeted computer is only the IP Address, then I only
need to enter the IP Address of the targeted computer. The IP Address is
163.53.194.147.
- And then, enter the Username and Password that required to connect to targeted
computer. Because the Username and Password from my AD account have been added
by the Windows Admin tier to the SUBHVDEV3 computer. Then I can log into the
targeted computer.

Fig. 1.4 Enter the required credentials

- Next, a warning will appear about "The certificate is not from a certifying authority",
indicating that the certificate from the targeted computer is not safe. However, because
this is only for the training process, you can choose the "Yes" option.

Fig. 1.5 Certificate errors warning

- Then, wait for the Remote Desktop connection process to run.

Fig. 1.6 Remote Desktop Connecting Proccess

- After the connection process to the target computer is complete, the target computer
can already be accessed via Remote Desktop Connection.

Fig. 1.7 Remote Computer accessed via Remote Desktop Commection

 Remote Desktop Connection is very useful for the support team, because the support team
can access the server whose location is not in the same location as the support team to
solve the requirements needed and for the investigation process if there is a problem with
the server.
As far as I know, the support team is using Remote Desktop Connection for checking VM
& Server problems such as replication and backup errors, making a new VM, etc.
Furthermore, further handling is needed.
Note :
- You can connect to a targeted computer running Windows from another computer
running Windows that’s connected to the same network or to the Internet.
- To connect to a targeted computer :
a. That computer must be turned on.
b. Remote Desktop must be enabled.
c. Must have a network connection.
d. Must have a network access to to targeted computer (It could be through the
internet network).
e. And must have permission to connect.
f. For permission to connect, the user must be one the list of users.
- Before doing Remote Desktop Connection, you should know the name or IP Address
of the targeted computer.
- Make sure Remote Dekstop Connection are allowed through firewall.
- If your user does not have a password to log in, then the password needs to be added
to do Remote Desktop Connection.

2. User & Group Policy

To access the User & Group Policy, the method is to open the Local Users and Groups
and Local Group Policy Editor facility. Where these two facilities are interrelated to set
the Policy of the User and the Group.
- User Policy (Local Users and Groups  lusrmgr.msc)
User Policy is a facility to manage users by adding or removing users from members
of a group. Each group has different default rights and permissions. When there is a
user who is a member of a group, then the rights and permissions of the group will be
applied to that user. Explanation of right and permission is as shown below :
a. Right
A right is an action that allows a user to perform certain activities on the computer.
Activities such as backup files, backup folders, restart the computer, or turn off the
computer, etc.
b. Permission
Permission is a rule that refers to an object (Examples of objects such as a file,
folder, or printer). And, permissions set which users can access the object.
Note :
a. Must be signed in as an Administrator user to add or delete a user from a group.
b. Changing a user's membership of a group will not change its status until the user
signs in the next time.
These are some of the activities that executed on User Policy, for example as shown
below :
a. Add a User to a Group
- Open the Local and Users Group

Fig. 2.1 Open the Local and Users Group

- Select one of the users you want to add to a group, by right-clicking the User 
Select “Properties”

Fig. 2.2 Choosing one User

- Then select “Add” to adding a User to a Group

Fig. 2.3 Adding Group

- To select a group, select the "Find Now" button

Fig. 2.4 Finding Group

- Select the desired Group (For this case I choose Hyper-V Administrators)

Fig. 2.5 Choosing Group

- Then click Ok to enter the Bari User into the Hyper-V Administrators Group

Fig. 2.6 Entering Group

- Click OK again to apply the rule

Fig. 2.7 Applying Rule

b. Remove a User from a Group
- Select one of the users you want to remove from a group, by right-clicking the
User  Select “Properties”

Fig. 2.8 Choosing User

- Select the name of the group you wish to remove, then select the “Remove”
button

Fig. 2.9 Removing User

- The group has been removed, and select the “Ok” button to apply the rule

Fig. 2.10 Applying the rule

c. Adding member to a Group
- Select one of the groups you want to add member from User list, by right-
clicking the User  Select “Properties”

Fig. 2.11 Choosing Group

- Select the “Add” button to add the User to the Group

Fig. 2.12 Adding member to a group

- Click the "Find Now" button to find the desired user

Fig. 2.13 Finding User

 - Select the desired User (For this case I choose Bari)

Fig. 2.14 Choosing User

- Then click Ok to enter the Bari User into the Hyper-V Administrators Group

Fig. 2.15 Entering User

- Click OK again to apply the rule

Fig. 2.16 Applying the rule

d. Removing member from a Group
- Select one of the groups you want to add member from User list, by right-
clicking the User  Select “Properties”

Fig. 2.17 Choosing Group

 - Select the name of the user you wish to remove, then select the “Remove”
button

Fig. 2.18 Removing User

- The user has been removed, and select the “Ok” button to apply the rule

Fig. 2.19 Applying the rule

- Group Policy (Local Group Policy Editor  gpedit.msc)

Local Group Policy Editor is a facility that functions to modify and configure Group
Policy settings. In general, the Local Group Policy Editor is divided into 2 sections
which is Computer Configuration and User Configuration, for explanation as shown
below :
a. Computer Configuration
Computer Configuration contains settings that are applied to Computer. Computer
Configuration was applied at Startup and Background. For settings example, as
shown below :
- Remove Computer icon on the desktop
- Ability to Enable/Disable a LAN connection
- Lock the taskbar
- Etc
b. User Configuration
User Configuration contains settings that are applied to User. User Configuration
was applied at Signed In User and Background. For settings example, as shown
below :
- Allow Use of Camera
 - At logoff, delete local copy of users offline files
- Prevent Desktop Shortcut Creation
- Etc
These are some of the activities that executed on User Policy, for example as shown
below :
a. Enabled the password complexity requirements
- Open Local Group Policy Editor  Choose Computer Configuration 
Choose Windows Settings  Choose Account Policies  And then, choose
Password Policy

Fig. 2.20 Initial Steps

- After that, select the "Password must meet complexity requirements" setting,
by clicking twice

Fig. 2.21 Choosing Setting

- Choose Enabled  Click Ok Button

Fig. 2.22 Applying Setting

 - Setting Explanation :
1. Not contain the user's account name or parts of the user's full name that
exceed two consecutive characters
2. Be at least six characters in length
3. Contain characters from three of the following four categories :
English uppercase characters (A through Z)
English lowercase characters (a through z)
4. Base 10 digits (0 through 9)
5. Non-alphabetic characters (for example, !, $, #, %)
6. Complexity requirements are enforced when passwords are changed or
created.

b. Prevent changing desktop background

- Open Local Group Policy Editor  Choose User Configuration  Choose
Administrative Templates  And then, choose All Settings

Fig. 2.23 Initial Steps

- After that, select the “Prevent chaging desktop background” setting, by
clicking twice

Fig. 2.24 Choosing Setting

- Choose Enabled  Click Ok Button

Fig. 2.25 Applying Setting

 - Setting Explanation :
By default, users can use the Desktop Background page in the Personalization
or Display Control Panel to add a background design (wallpaper) to their
desktop. If this setting is enabled, none of the Desktop Background settings
can be changed by the user.

Note For Mr. Taufiq and Support Coordinator :

Because the content default list of local groups is very numerous and complex, which I do not
understand 100%. So, I only included the list of default local groups as reference material for
today's training. Sorry, I will try my best to understand about this material at home too. Thank
You.

The following is a list of default local groups in Local Users and Groups (especially in
SUBHVDEV3), for example as shown below :
Group Description
Access Control Assistance Operators Members of this group can remotely
query authorization attributes and
permissions for resources on the
computer.
Administrators Members of the Administrators group
have complete and unrestricted access
to the computer.
Backup Operators Members of the Backup Operators
group can ignore security restrictions
in order to backup or restoring files.
Certificate Service DCOM Access Members of this group are allowed to
connect to Certification Authorities in
the enterprise
Cryptographic Operators Members of this group are authorized
to perform cryptographic operations.
Device Owners Members of this group can change
system-wide settings.

Note :
- This group is not currently used on
Windows.
- Microsoft does not recommend
changing the default configuration
where this security group has zero
members.
- Changing the default configuration
could hinder future scenarios that
rely on this group.
Distributed COM Users Members are allowed to launch,
activate and use Distributed COM
objects on this machine.
Event Log Readers Members of this group can read event
logs from local machine.
Guests
Hyper-V Administrators
IIS_IUSRS
Network Configuration Operators
Performance Log Users
Performance Monitor Users
Power Users
Print Operators
RDS Endpoint Servers
RDS Management Servers
RDS Remote Access Servers
Guests have the same access as
members of the Users group by
default, except for the Guest account
which is further restricted.
Members of this group have complete
and unrestricted access to all features
of Hyper-V.
Built-in group used by Internet
Information Services.
Members in this group can have some
administrative privileges to manage
configuration of networking features.
Members of this group may schedule
logging of performance counters,
enable trace providers, and collect
event traces both locally and via
remote access to this computer.
Members of this group can access
performance counter data locally and
remotely.
Power Users are included for
backwards compatibility and possess
limited administrative powers.
Members can administer printers
installed on domain controllers.
Servers in this group run virtual
machines and host sessions where
users RemoteApp programs and
personal virtual desktops run. This
group needs to be populated on
servers running RD Connection
Broker. RD Session Host servers and
RD Virtualization Host servers used in
the deployment need to be in this
group.
Servers in this group can perform
routine administrative actions on
servers running Remote Desktop
Services. This group needs to be
populated on all servers in a Remote
Desktop Services deployment. The
servers running the RDS Central
Management service must be included
in this group.
Servers in this group enable users of
RemoteApp programs and personal
virtual desktops access to these
resources. In Internet-facing
deployments, these servers are
typically deployed in an edge network.
 This group needs to be populated on
servers running RD Connection
Broker. RD Gateway servers and RD
Web Access servers used in the
deployment need to be in this group.
Remote Desktop Users Members in this group are granted the
right to logon remotely.
Remote Management Users Members of this group can access
WMI resources over management
protocols (such as WS-Management
via the Windows Remote
Management service). This applies
only to WMI namespaces that grant
access to the user.
Replicator Supports file replication in a domain
Storage Replica Administrators Members of this group have complete
and unrestricted access to all features
of Storage Replica.
System Managed Accounts Group Members of this group are managed
by the system.
Users Users are prevented from making
accidental or intentional system-wide
changes and can run most
applications.
SQLServer2005SQLBrowserUser$SUBHVDEV3 Members in the group have the
required access and privileges to be
assigned as the log on account for the
associated instance of SQL Server
Browser.
Table 1.1 List of default local groups