Understanding Group Policy Object Windows Server
AndikSusilo4
18 views
19 slides
Jul 23, 2024
Slide 1 of 19
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
About This Presentation
Understanding Group Policy
Slide Content
Understanding Group Policy
James Michael Stewart
CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K,
iNet+
[email protected]
James Michael Stewart
CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K,
iNet+
[email protected]
What is Group Policy?
A centralized collection of operational
and security controls
Available in Active Directory domains
Contains items previously found in
system policies and through editing the
Registry (i.e. Windows NT)
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
A centralized collection of operational
and security controls
Available in Active Directory domains
Contains items previously found in
system policies and through editing the
Registry (i.e. Windows NT)
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
Elements of Group Policy
general security controls
audit
user rights
passwords
accounts lockout
Kerberos
Public key policies
IPSec policies
general security controls
audit
user rights
passwords
accounts lockout
Kerberos
Public key policies
IPSec policies
Divisions of Group Policy
Computer Configuration
User Configuration
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
Computer Configuration
User Configuration
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
Application of Group Policy
Group Policy Objects –GPOs
Can be applied to any AD container
Application order: LSDOU
Local, Site, Domain, Organizational Unit
Last GPO applied takes precedent
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
Group Policy Objects –GPOs
Can be applied to any AD container
Application order: LSDOU
Local, Site, Domain, Organizational Unit
Last GPO applied takes precedent
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
Group Policy Editors
MMC snap-in: Group Policy
Active Directory Domains and Trusts
Active Directory Sites and Services
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
MMC snap-in: Group Policy
Active Directory Domains and Trusts
Active Directory Sites and Services
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
GPO Application
Inheritance by default
No Override –prevents other GPOs from
changing settings in this GPO
Disabled –this GPO is not applied to this
container
Multiple GPOs on same container –
application order
Disable Computer Configuration or User
Configuration
Set Allow/Deny for Apply Group Policy to
control user/group application
Inheritance by default
No Override –prevents other GPOs from
changing settings in this GPO
Disabled –this GPO is not applied to this
container
Multiple GPOs on same container –
application order
Disable Computer Configuration or User
Configuration
Set Allow/Deny for Apply Group Policy to
control user/group application
GPO Limitations
If a single user is a member of 70 to 80
groups, the respective GPOs may not
be applied
Problem caused by Kerberos token size
–70 to 80 groups fills the token and
causes an error
Result is no GPOs are applied
If a single user is a member of 70 to 80
groups, the respective GPOs may not
be applied
Problem caused by Kerberos token size
–70 to 80 groups fills the token and
causes an error
Result is no GPOs are applied
GPO Uses
Local GPO
Windows 2000, XP, .NET
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
Local GPO
Windows 2000, XP, .NET
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
Security Configuration and
Analysis
MMC snap-ins:
Security Configuration and Analysis
Security Templates
Used to customize Group Policies a.k.a.
security templates.
Several pre-defined security templates for
client, server, and DC systems of basic,
compatible, secure, and high security.
Analyze current security state
Analysis
MMC snap-ins:
Security Configuration and Analysis
Security Templates
Used to customize Group Policies a.k.a.
security templates.
Several pre-defined security templates for
client, server, and DC systems of basic,
compatible, secure, and high security.
Analyze current security state
GPO: Password Policy
Min & max password age (0-999)
Min password length (0-14)
History (1 -24 entries)
Passwords must meet complexity
requirements
Store passwords using reversible
encryption for all users in the domain
Min & max password age (0-999)
Min password length (0-14)
History (1 -24 entries)
Passwords must meet complexity
requirements
Store passwords using reversible
encryption for all users in the domain
GPO: Accounts Policy
Lockout duration (0 –99999 minutes)
Failed logon attempts
Counter reset after time limit
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
Lockout duration (0 –99999 minutes)
Failed logon attempts
Counter reset after time limit
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
GPO: Audit Policy
Account logon events Account management
Directory service access
Logon events Object access
Policy change Privilege use
Process tracking System events
Object level controls accessed through Advanced
Security Properties
Audit policy must be enabled in order for audited
events to be recorded in the Security log
Account logon events Account management
Directory service access
Logon events Object access
Policy change Privilege use
Process tracking System events
Object level controls accessed through Advanced
Security Properties
Audit policy must be enabled in order for audited
events to be recorded in the Security log
GPO: User Rights
To increase security settings, make the
following changes:
Log on locally: assigned only to Administrators on
Servers
Shutdown the System: assigned only to
Administrators, Power Users
Access computer from network: assigned to
Users, revoke for Administrators and Everyone
Restore files/directories: revoke for Backup
Operators
Bypass traverse checking: assigned to
Authenticated Users, revoke for Everyone
To increase security settings, make the
following changes:
Log on locally: assigned only to Administrators on
Servers
Shutdown the System: assigned only to
Administrators, Power Users
Access computer from network: assigned to
Users, revoke for Administrators and Everyone
Restore files/directories: revoke for Backup
Operators
Bypass traverse checking: assigned to
Authenticated Users, revoke for Everyone
GPO: Security Options
Numerous security related controls
Previous found only as Registry edits
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
Numerous security related controls
Previous found only as Registry edits
Submit a question anytime by clicking on the Ask a Question
link in the bottom left corner of your presentation screen.
GPO: misc
Scripts
Public Key –EFS
IPSec
Software
Administrative Templates
Templates for Registry alteration
Scripts
Public Key –EFS
IPSec
Software
Administrative Templates
Templates for Registry alteration
Using GPOs
Group similar users
Place similar users/groups in separate
containers (i.e. OUs)
Define universal GPOs at domain level
Define specific GPOs as far down the
organizational tree as possible
Avoid changing default inheritance
mechanism
Group similar users
Place similar users/groups in separate
containers (i.e. OUs)
Define universal GPOs at domain level
Define specific GPOs as far down the
organizational tree as possible
Avoid changing default inheritance
mechanism
Questions?
Click on the Ask a Questionlink
in the lower left corner of your
screen to ask James Michael
Stewart a question.
Click on the Ask a Questionlink
in the lower left corner of your
screen to ask James Michael
Stewart a question.
Thank you
for your participation!
Did you like this Webcast?
Send us your feedback on this event
and ideas for other event topics
at [email protected].
for your participation!
Did you like this Webcast?
Send us your feedback on this event
and ideas for other event topics
at [email protected].
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 18
- Slides 19
- Age 500 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
33 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
36 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
33 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views