Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security through Group Policy

Published byGabriella Holmes Modified over 5 years ago

Similar presentations

Presentation on theme: "Security through Group Policy"— Presentation transcript:

1 Security through Group Policy

2 Use Organizational Units (OUs)
Separate Workstations from Users from Servers Separate workstations by function (HR, Payroll, Admins, etc) Separate users based on roles (HR, Payroll, Admins, etc) Organizational Units should be used to group objects by function. This will help user group policies apply to the right users, and computer policies will be applied to the appropriate machines.

3 Stay Current With Patches - SUS
Software Update Service, and in the future, Windows Update Service, is designed to simplify the process of keeping your Windows-based computer up to date with the latest critical updates. SUS and WUS enables you to quickly and reliably deploy critical updates to your servers and workstations running Windows 2000, XP, or 2003. On this easy-to-use interface, you simply check the update you want to push out, and click the Approve button. No additional scripts, and no running around to each workstation every time a new patch comes out.

4 Force Updates with GP Options can be enabled here for pushing patches to machines. For instance, workstations can be forced to patch and reboot, servers can be forced to patch and be manually rebooted, and a testing OU can be exempt from patching. Patches are pulled from one centralized server for an entire network, but multiple servers can be used for load balancing if needed.

5 Use the XP SP2 Firewall The configuration here shows how workstations can be locked down. For each of the “allow program” or “allow port” exceptions, a program or port is specified along with the scope or IP range that is allowed to access that resource. Our group policy only allows ICMP incoming echo requests to get through the firewall, with the only exception being a handful of administrative workstations and servers.

6 Restrict Applications by name
The easiest way to stop unapproved applications such as peer-to-peer or other file-sharing applications is to prevent their execution. If a user tries to run a restricted application, the error shown above pops up and the program does not run. In order to prevent other applications from running, you can also restrict them by a hash instead of the name.

7 Restrict Applications by hash
A hash is like a fingerprint for the file. The hash prevents only the positively identified program from running. This can also be useful if, for example, an older version of wmplayer.exe has a security flaw. The hash can prevent the old version of wmplayer.exe from running, while the current version will still function normally. This method is slightly harder to implement because each version of a program will have a different hash, and must be added to the restricted list seperately.

8 Prevent Workstation Lockouts
Some of you may have experienced workstation lockouts in the past due to a worm or virus that tries to guess the administrator password. If the XP SP2 firewall is used, worms cannot see the machines and will not try to authenticate to them. If the firewall cannot be used however, your security log can be set to overwrite as needed. This slightly diminished security on the workstation, but allows users to continue work uninterrupted.

9 Run a Managed Antivirus Client
Ex: Symantec Antivirus Corporate Ed. Clients pull defs from the server every 15 minutes, or on restart Only one machine (server) needs to be updated with new defs Automatically updated daily, or manually if desired For less than $10 per machine, your entire network can run the newest symantec antivirus client and have access to automatic updates.

10 Conclusion Use OUs to separate users and computers by function
Stay current with patches Use the XP SP2 firewall Restrict applications that violate policy Prevent workstation lockouts Run a managed antivirus program -Organization Units were created to help you organize your domain. Make use of them and it will lighten your workload later. -push patches to workstations & servers so that all machines are protected against possible security holes -use the XP SP2 firewall to prevent unauthorized access -restrict applications that can cause security holes, copyright infringement, or anything that may cause you more work (weatherbug or bonzi buddy for example) -keep machines functional for users by preventing lockouts. For most users, if they can’t log in, they can’t work. -keep workstations virus free without even thinking about it. A 60 minute setup can keep your network virus free. -questions?

Download ppt "Security through Group Policy"

Similar presentations

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.
PC Encryption installation progress/password screen Includes comments from: Encryption team Sarah Deane Tony Stieber Selected people who took part in the.

PC Encryption installation progress/password screen Includes comments from: Encryption team Sarah Deane Tony Stieber Selected people who took part in the.
Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.

Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.
WSUS Presented by: Nada Abdullah Ahmed.

WSUS Presented by: Nada Abdullah Ahmed.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.

Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.
WSUS Windows Update Services

WSUS Windows Update Services
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
Changes in Windows XP Service Pack 2

Changes in Windows XP Service Pack 2
Symantec AntiVirus Update Mark Reynolds Manager of Support Services Technology Support Services Michael Satut Manager of Distributed Support Services Technology.

Symantec AntiVirus Update Mark Reynolds Manager of Support Services Technology Support Services Michael Satut Manager of Distributed Support Services Technology.
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
SUS Services ECE Computer Facilities. SUS Services Software Update Services Microsoft Security And Critical Update Service Microsoft Security And Critical.

SUS Services ECE Computer Facilities. SUS Services Software Update Services Microsoft Security And Critical Update Service Microsoft Security And Critical.
FileSecure Implementation Training Patch Management Version 1.1.

FileSecure Implementation Training Patch Management Version 1.1.
Ch 8-3 Working with domains and Active Directory.

Ch 8-3 Working with domains and Active Directory.
Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008
Chapter 14: Remote Server Administration BAI617. Chapter Topics Configure Windows Server 2008 R2 servers for remote administration Remotely connect to.

Chapter 14: Remote Server Administration BAI617. Chapter Topics Configure Windows Server 2008 R2 servers for remote administration Remotely connect to.

Similar presentations

Ads by Google