Understanding Group Policy - PowerPoint PPT Presentation

Slides: 20
Provided by: LANWrig1

Transcript and Presenter's Notes

Title: Understanding Group Policy


1
Understanding Group Policy
  • James Michael Stewart
  • CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K, iNet+
  • michael_at_itinfopros.com

2
What is Group Policy?
  • A centralized collection of operational and
    security controls
  • Available in Active Directory domains
  • Contains items previously found in system
    policies and through editing the Registry (i.e.
    Windows NT)

Submit a question anytime by clicking on the Ask
a Question link in the bottom left corner of your
presentation screen.
3
Elements of Group Policy
  • general security controls
  • audit
  • user rights
  • passwords
  • account lockout
  • Kerberos
  • Public key policies
  • IPSec policies

4
Divisions of Group Policy
  • Computer Configuration
  • User Configuration

5
Application of Group Policy
  • Group Policy Objects (GPOs)
  • Can be applied to any AD container
  • Application order: LSDOU
  • Local, Site, Domain, Organizational Unit
  • Last GPO applied takes precedence

6
Group Policy Editors
  • MMC snap-in: Group Policy
  • Active Directory Domains and Trusts
  • Active Directory Sites and Services

7
GPO Application
  • Inheritance by default
  • No Override: prevents other GPOs from changing
    settings in this GPO
  • Disabled: this GPO is not applied to this
    container
  • Multiple GPOs on same container: application
    order
  • Disable Computer Configuration or User
    Configuration
  • Set Allow/Deny for Apply Group Policy to control
    user/group application
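
A simplified model of the processing described on slides 5 and 7, added here as an illustration and not taken from the presentation or from Microsoft: links are processed in LSDOU order, the last GPO applied wins, a No Override link locks its settings against later GPOs, and disabled links or disabled configuration halves are skipped. The GPO names, setting names and the `GpoLink`/`resolve` helpers are hypothetical, and Apply Group Policy permission filtering is not modelled.

```python
from dataclasses import dataclass, field

LSDOU = ["local", "site", "domain", "ou"]  # processing order from the slides

@dataclass
class GpoLink:
    name: str
    level: str                      # one of LSDOU
    settings: dict                  # {"computer": {...}, "user": {...}}
    no_override: bool = False       # lock this GPO's settings against later GPOs
    disabled: bool = False          # GPO is not applied to this container
    disabled_halves: set = field(default_factory=set)  # "computer" and/or "user"

def resolve(links):
    """Return {(half, setting): (value, winning GPO)} after LSDOU processing."""
    effective, locked = {}, set()
    # sorted() is stable: several GPOs on one container keep their listed order
    for link in sorted(links, key=lambda l: LSDOU.index(l.level)):
        if link.disabled:
            continue
        for half, values in link.settings.items():
            if half in link.disabled_halves:
                continue
            for key, value in values.items():
                if (half, key) in locked:
                    continue        # an earlier No Override GPO owns this setting
                effective[(half, key)] = (value, link.name)
                if link.no_override:
                    locked.add((half, key))
    return effective

# Constructed sample: GPO names and setting names are hypothetical.
SAMPLE_LINKS = [
    GpoLink("Kiosk OU", "ou", {"computer": {"audit_logon": "none"},
                               "user": {"hide_run_menu": True}}),
    GpoLink("Kiosk Extras", "ou", {"computer": {"legal_banner": "off"},
                                   "user": {"proxy": "kiosk"}},
            disabled_halves={"computer"}),
    GpoLink("Old OU Policy", "ou", {"user": {"proxy": "legacy"}}, disabled=True),
    GpoLink("Domain Baseline", "domain",
            {"computer": {"audit_logon": "success+failure"}}, no_override=True),
    GpoLink("Site Branch", "site", {"user": {"hide_run_menu": False, "proxy": "branch"}}),
    GpoLink("Local", "local", {"computer": {"audit_logon": "none", "legal_banner": "on"}}),
]

if __name__ == "__main__":
    for (half, key), (value, gpo) in sorted(resolve(SAMPLE_LINKS).items()):
        print(f"{half}/{key} = {value!r}  (from {gpo})")
```

In the sample, the OU-level attempt to turn logon auditing off loses to the domain GPO marked No Override, while the unlocked user settings follow the ordinary last-applied rule.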

8
GPO Limitations
  • If a single user is a member of 70 to 80 groups,
    the respective GPOs may not be applied
  • Problem caused by Kerberos token size: 70 to 80
    groups fill the token and cause an error
  • Result is no GPOs are applied

9
GPO Uses
  • Local GPO
  • Windows 2000, XP, .NET

10
Security Configuration and Analysis
  • MMC snap-ins: Security Configuration and Analysis,
    Security Templates
  • Used to customize Group Policies a.k.a. security
    templates.
  • Several pre-defined security templates for
    client, server, and DC systems of basic,
    compatible, secure, and high security.
  • Analyze current security state

11
GPO Password Policy
  • Min/max password age (0-999)
  • Min password length (0-14)
  • History (1 - 24 entries)
  • Passwords must meet complexity requirements
  • Store passwords using reversible encryption for
    all users in the domain

12
GPO Accounts Policy
  • Lockout duration (0-99999 minutes)
  • Failed logon attempts
  • Counter reset after time limit
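
An added example (not part of the original presentation) of the "analyze current security state" idea from slide 10 applied to the password and lockout settings on slides 11 and 12: it compares the `[System Access]` section of an exported configuration against a baseline security template and flags states that weaken the policy outright. Both INF texts are constructed sample data, the function names are hypothetical, and the key names follow the `[System Access]` section of a Windows security template.

```python
import configparser

# Constructed sample data: a baseline template and an export of the current
# state, in security-template INF form (only [System Access] is compared).
TEMPLATE = """[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 5
LockoutDuration = 30
ClearTextPassword = 0
"""
CURRENT = """[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 0
ClearTextPassword = 1
"""

def system_access(inf_text):
    """Return the [System Access] section as {setting: int}."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names exactly as written
    cp.read_string(inf_text)
    return {k: int(v) for k, v in cp["System Access"].items()}

def analyze(template_text, current_text):
    """List (setting, expected, actual) where the system deviates from the template."""
    want, have = system_access(template_text), system_access(current_text)
    return sorted((k, v, have.get(k)) for k, v in want.items() if have.get(k) != v)

def high_risk(current_text):
    """Flag states that weaken the policy no matter what the template says."""
    have = system_access(current_text)
    checks = [("ClearTextPassword", 1, "passwords stored with reversible encryption"),
              ("PasswordComplexity", 0, "complexity requirements disabled"),
              ("LockoutBadCount", 0, "account lockout disabled")]
    return [msg for key, bad, msg in checks if have.get(key) == bad]

if __name__ == "__main__":
    for setting, expected, actual in analyze(TEMPLATE, CURRENT):
        print(f"{setting}: template={expected} current={actual}")
    print(high_risk(CURRENT))
```

A setting that is missing from the export, such as `LockoutDuration` when lockout is switched off, is reported with an actual value of `None` rather than silently passing.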

13
GPO Audit Policy
  • Account logon events
  • Account management
  • Directory service access
  • Logon events
  • Object access
  • Policy change
  • Privilege use
  • Process tracking
  • System events
  • Object level controls accessed through Advanced
    Security Properties
  • Audit policy must be enabled in order for audited
    events to be recorded in the Security log

14
GPO User Rights
  • To increase security settings, make the following
    changes:
  • Log on locally: assigned only to Administrators
    on Servers
  • Shutdown the System: assigned only to
    Administrators, Power Users
  • Access computer from network: assigned to Users,
    revoke for Administrators and Everyone
  • Restore files/directories: revoke for Backup
    Operators
  • Bypass traverse checking: assigned to
    Authenticated Users, revoke for Everyone

15
GPO Security Options
  • Numerous security related controls
  • Previously found only as Registry edits

16
GPO misc
  • Scripts
  • Public Key EFS
  • IPSec
  • Software
  • Administrative Templates
  • Templates for Registry alteration

17
Using GPOs
  • Group similar users
  • Place similar users/groups in separate containers
    (i.e. OUs)
  • Define universal GPOs at domain level
  • Define specific GPOs as far down the
    organizational tree as possible
  • Avoid changing default inheritance mechanism

18
Questions?
Click on the Ask a Question link in the lower
left corner of your screen to ask James Michael
Stewart a question.
19
Thank you for your participation! Did you like
this Webcast? Send us your feedback on this
event and ideas for other event topics at
editor_at_searchwin2000.com.