Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding Group Policy James Michael Stewart CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K, iNet+

Published byBrenda Nicholson Modified over 8 years ago

Similar presentations

Presentation on theme: "Understanding Group Policy James Michael Stewart CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K, iNet+"— Presentation transcript:

1 Understanding Group Policy James Michael Stewart CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K, iNet+ michael@itinfopros.com

2 What is Group Policy?  A centralized collection of operational and security controls  Available in Active Directory domains  Contains items previously found in system policies and through editing the Registry (i.e. Windows NT) Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

3 Elements of Group Policy  general security controls  audit  user rights  passwords  accounts lockout  Kerberos  Public key policies  IPSec policies

4 Divisions of Group Policy  Computer Configuration  User Configuration Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

5 Application of Group Policy  Group Policy Objects – GPOs  Can be applied to any AD container  Application order: LSDOU  Local, Site, Domain, Organizational Unit  Last GPO applied takes precedent Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

6 Group Policy Editors  MMC snap-in: Group Policy  Active Directory Domains and Trusts  Active Directory Sites and Services Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

7 GPO Application  Inheritance by default  No Override – prevents other GPOs from changing settings in this GPO  Disabled – this GPO is not applied to this container  Multiple GPOs on same container – application order  Disable Computer Configuration or User Configuration  Set Allow/Deny for Apply Group Policy to control user/group application

8 GPO Limitations  If a single user is a member of 70 to 80 groups, the respective GPOs may not be applied  Problem caused by Kerberos token size – 70 to 80 groups fills the token and causes an error  Result is no GPOs are applied

9 GPO Uses  Local GPO  Windows 2000, XP,.NET Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

10 Security Configuration and Analysis  MMC snap-ins:  Security Configuration and Analysis  Security Templates  Used to customize Group Policies a.k.a. security templates.  Several pre-defined security templates for client, server, and DC systems of basic, compatible, secure, and high security.  Analyze current security state

11 GPO: Password Policy  Min & max password age (0-999)  Min password length (0-14)  History (1 - 24 entries)  Passwords must meet complexity requirements  Store passwords using reversible encryption for all users in the domain

12 GPO: Accounts Policy  Lockout duration (0 – 99999 minutes)  Failed logon attempts  Counter reset after time limit Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

13 GPO: Audit Policy  Account logon eventsAccount management  Directory service access  Logon eventsObject access  Policy changePrivilege use  Process trackingSystem events  Object level controls accessed through Advanced Security Properties  Audit policy must be enabled in order for audited events to be recorded in the Security log

14 GPO: User Rights  To increase security settings, make the following changes:  Log on locally: assigned only to Administrators on Servers  Shutdown the System: assigned only to Administrators, Power Users  Access computer from network: assigned to Users, revoke for Administrators and Everyone  Restore files/directories: revoke for Backup Operators  Bypass traverse checking: assigned to Authenticated Users, revoke for Everyone

15 GPO: Security Options  Numerous security related controls  Previous found only as Registry edits Submit a question anytime by clicking on the Ask a Question link in the bottom left corner of your presentation screen.

16 GPO: misc  Scripts  Public Key – EFS  IPSec  Software  Administrative Templates  Templates for Registry alteration

17 Using GPOs  Group similar users  Place similar users/groups in separate containers (i.e. OUs)  Define universal GPOs at domain level  Define specific GPOs as far down the organizational tree as possible  Avoid changing default inheritance mechanism

18 Questions? Click on the Ask a Question link in the lower left corner of your screen to ask James Michael Stewart a question.

19 Thank you for your participation! Did you like this Webcast? Send us your feedback on this event and ideas for other event topics at editor@searchwin2000.com.

Download ppt "Understanding Group Policy James Michael Stewart CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K, iNet+"

Similar presentations

MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 7: Troubleshoot Security Settings and Local Security.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
12.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

12.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
MIS 431 - Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.

MIS Chapter 91 Ch. 9 – Implement and Use Group Policy MIS 431 – created Spring 2006.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
10.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

10.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.

Chapter 8 Chapter 8: Managing the Server Through Accounts and Groups.
7.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.

7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Guide to MCSE 70-290, Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.

Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.

Corso referenti S.I.R.A. – Modulo 2 Local Security 20/11 – 27/11 – 05/12 11/12 – 13/12 (gruppo 1) 12/12 – 15/12 (gruppo 2) Cristiano Gentili, Massimiliano.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.

11 WORKING WITH USER ACCOUNTS Chapter 6. Chapter 6: WORKING WITH USER ACCOUNTS2 CHAPTER OVERVIEW Understand the differences between local user and domain.

Similar presentations

Ads by Google