You are the Security Analyst for a small corporate network. The company has a single Active Directory domain named CorpNet.xyz. You need to increase the domain's authentication security. You need to make sure that User Account Control (UAC) settings are consistent throughout the domain and in accordance with industry recommendations.
In this lab, your task is to configure the following UAC settings in the Default Domain Policy on CorpDC:
User Account Control policy: Setting
Admin Approval Mode for the Built-in Administrator account: Enabled
Allow UIAccess applications to prompt for elevation without using the secure desktop: Disabled
Behavior of the elevation prompt for administrators in Admin Approval mode: Prompt for credentials
Behavior of the elevation prompt for standard users: Automatically deny elevation requests
Detect application installations and prompt for elevation: Enabled
Only elevate executables that are signed and validated: Disabled
Only elevate UIAccess applications that are installed in secure locations: Enabled
Run all administrators in Admin Approval Mode: Enabled
Switch to the secure desktop when prompting for elevation: Enabled
Virtualize file and registry write failures to per-user locations: Enabled
User Account Control policies are set in a GPO linked to the domain. In this scenario, edit the Default Domain Policy and configure settings in the following path: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
EXPLANATION
While completing this lab, use the following UAC settings for the Default Domain Policy on CorpDC:
User Account Control policy: Setting
Admin Approval Mode for the Built-in Administrator account: Enabled
Allow UIAccess applications to prompt for elevation without using the secure desktop: Disabled
Behavior of the elevation prompt for administrators in Admin Approval mode: Prompt for credentials
Behavior of the elevation prompt for standard users: Automatically deny elevation requests
Detect application installations and prompt for elevation: Enabled
Only elevate executables that are signed and validated: Disabled
Only elevate UIAccess applications that are installed in secure locations: Enabled
Run all administrators in Admin Approval Mode: Enabled
Switch to the secure desktop when prompting for elevation: Enabled
Virtualize file and registry write failures to per-user locations: Enabled
Complete this lab as follows:
1. Open Group Policy Management on CorpDC.
   a. From Hyper-V Manager, select CORPSERVER.
   b. Double-click CorpDC to open the virtual machine.
   c. From Server Manager, select Tools > Group Policy Management.
   d. Maximize the window for better viewing.
2. Open the Default Domain Policy for editing.
   a. Expand Forest: CorpNet.local > Domains > CorpNet.local > Group Policy Objects.
   b. Right-click Default Domain Policy and select Edit.
   c. Maximize the window for easier viewing.
3. In Security Options, edit the User Account Control policies.
   a. Under Computer Configuration, expand Policies.
   b. Expand Windows Settings > Security Settings > Local Policies.
   c. Select Security Options.
   d. In the right pane, right-click the policy you want to edit and select Properties.
   e. Select Define this policy setting.
   f. Select Enabled or Disabled as necessary.
   g. Edit the value for the policy as needed and then select OK.
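To confirm that the policy actually reached a domain member, the following added example (not part of the original lab) compares the registry values that back these ten Security Options against the lab's settings. The function names Compare-UacBaseline and Get-UacRegistryValues and the sample data are hypothetical; the value names are the standard ones Windows stores under Policies\System.

```powershell
# Added example: audit a machine against the lab's UAC settings.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Registry value name -> data expected once the Default Domain Policy applies.
$Baseline = [ordered]@{
    FilterAdministratorToken    = 1  # Admin Approval Mode for built-in Administrator: Enabled
    EnableUIADesktopToggle      = 0  # UIAccess prompt without secure desktop: Disabled
    ConsentPromptBehaviorAdmin  = 3  # Administrators: Prompt for credentials
    ConsentPromptBehaviorUser   = 0  # Standard users: Automatically deny elevation requests
    EnableInstallerDetection    = 1  # Detect application installations: Enabled
    ValidateAdminCodeSignatures = 0  # Only elevate signed and validated executables: Disabled
    EnableSecureUIAPaths        = 1  # UIAccess apps only from secure locations: Enabled
    EnableLUA                   = 1  # Run all administrators in Admin Approval Mode: Enabled
    PromptOnSecureDesktop       = 1  # Switch to the secure desktop: Enabled
    EnableVirtualization        = 1  # Virtualize file and registry write failures: Enabled
}

function Compare-UacBaseline {
    # Returns one row per setting; a missing value counts as non-compliant.
    param([System.Collections.IDictionary]$Actual)
    foreach ($name in $Baseline.Keys) {
        $have = if ($Actual.Contains($name)) { $Actual[$name] } else { $null }
        [pscustomobject]@{
            Value     = $name
            Expected  = $Baseline[$name]
            Actual    = if ($null -eq $have) { '<not set>' } else { $have }
            Compliant = ($null -ne $have) -and ([int]$have -eq $Baseline[$name])
        }
    }
}

function Get-UacRegistryValues {
    # Reads only the baseline's value names from the local registry.
    $props = Get-ItemProperty -Path $UacKey -ErrorAction Stop
    $found = @{}
    foreach ($name in $Baseline.Keys) {
        if ($null -ne $props.PSObject.Properties[$name]) { $found[$name] = $props.$name }
    }
    $found
}

# Constructed sample of a drifted machine, for trying the comparison offline.
$sample = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
Compare-UacBaseline -Actual $sample | Format-Table -AutoSize

# On a domain member after 'gpupdate /force', list only the settings that differ.
if (Test-Path $UacKey) {
    Compare-UacBaseline -Actual (Get-UacRegistryValues) | Where-Object { -not $_.Compliant }
}
```

An empty result from the last command means all ten values match; any row returned names a setting that the GPO did not deliver or that something else overrode.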