Understanding Group Policy James Michael Stewart CISSP TICSA
- Slides: 19
Understanding Group Policy James Michael Stewart CISSP, TICSA, CIW SA, CCNA, MCSE NT & W 2 K, i. Net+ michael@itinfopros. com
What is Group Policy? ®A centralized collection of operational and security controls ® Available in Active Directory domains ® Contains items previously found in system policies and through editing the Registry (i. e. Windows NT) Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.
Elements of Group Policy ® general security controls ® audit ® user rights ® passwords ® accounts lockout ® Kerberos ® Public key policies ® IPSec policies
Divisions of Group Policy ® Computer Configuration ® User Configuration Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.
Application of Group Policy ® Group Policy Objects – GPOs ® Can be applied to any AD container ® Application order: LSDOU ® Local, ® Last Site, Domain, Organizational Unit GPO applied takes precedent Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.
Group Policy Editors ® MMC snap-in: Group Policy ® Active Directory Domains and Trusts ® Active Directory Sites and Services Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.
GPO Application ® Inheritance by default ® No Override – prevents other GPOs from changing settings in this GPO ® Disabled – this GPO is not applied to this container ® Multiple GPOs on same container – application order ® Disable Computer Configuration or User Configuration ® Set Allow/Deny for Apply Group Policy to control user/group application
GPO Limitations ® If a single user is a member of 70 to 80 groups, the respective GPOs may not be applied ® Problem caused by Kerberos token size – 70 to 80 groups fills the token and causes an error ® Result is no GPOs are applied
GPO Uses ® Local GPO ® Windows 2000, XP, . NET Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.
Security Configuration and Analysis ® MMC snap-ins: ® Security Configuration and Analysis ® Security Templates ® Used to customize Group Policies a. k. a. security templates. ® Several pre-defined security templates for client, server, and DC systems of basic, compatible, secure, and high security. ® Analyze current security state
GPO: Password Policy ® Min & max password age (0 -999) ® Min password length (0 -14) ® History (1 - 24 entries) ® Passwords must meet complexity requirements ® Store passwords using reversible encryption for all users in the domain
GPO: Accounts Policy ® Lockout duration (0 – 99999 minutes) ® Failed logon attempts ® Counter reset after time limit Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.
GPO: Audit Policy ® ® ® Account logon events Directory service access Logon events Policy change Process tracking Account management Object access Privilege use System events Object level controls accessed through Advanced Security Properties ® Audit policy must be enabled in order for audited events to be recorded in the Security log ®
GPO: User Rights ® To increase security settings, make the following changes: Log on locally: assigned only to Administrators on Servers ® Shutdown the System: assigned only to Administrators, Power Users ® Access computer from network: assigned to Users, revoke for Administrators and Everyone ® Restore files/directories: revoke for Backup Operators ® Bypass traverse checking: assigned to Authenticated Users, revoke for Everyone ®
GPO: Security Options ® Numerous security related controls ® Previous found only as Registry edits Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.
GPO: misc ® Scripts ® Public Key – EFS ® IPSec ® Software ® Administrative ® Templates for Registry alteration
Using GPOs ® Group similar users ® Place similar users/groups in separate containers (i. e. OUs) ® Define universal GPOs at domain level ® Define specific GPOs as far down the organizational tree as possible ® Avoid changing default inheritance mechanism
Questions? Click on the Ask a Question link in the lower left corner of your screen to ask James Michael Stewart a question.
Thank you for your participation! Did you like this Webcast? Send us your feedback on this event and ideas for other event topics at editor@searchwin 2000. com.
- James michael stewart
- Fiscal policy in macroeconomics
- Soc cissp
- Cissp physical security
- Bcp vs drp cissp
- Cissp disaster recovery steps
- Microsoft cissp
- Snt cissp
- Computer architecture for dummies
- Cissp common body of knowledge
- Cots cissp
- Corrective controls examples
- Cissp
- Cissp quantitative risk analysis
- Cissp
- Cissp chapter 1
- Cissp nedir
- Cissp guide to security essentials
- Shon harris cissp
- Cissp exam cost philippines