1 / 19

Group Policy

Group Policy. How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?. GPMC. Most powerful free tool available to the Windows Administrator If you can imagine locking, it down it can be done with this tool!

viveka
Download Presentation

Group Policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Group Policy How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?

  2. GPMC • Most powerful free tool available to the Windows Administrator • If you can imagine locking, it down it can be done with this tool! • Good AD design and organization allows for ease of management

  3. Points • Basic GPMC run through • Securing basic workstation features • Using the GPMC to secure IE6 and IE7 • Using the GPMC to manage the windows firewall • Custom Group Policy applications

  4. Basic GPMC • Basic Helpful Design and ideas • Control Panel • Basic context menus to remove • Securing certain executables

  5. Design

  6. Securing IE6 and IE7 • Easier to secure and patch IE than Firefox • Zone Trusts • Addon and Attachment management • Separates IE from and Big • Allows IE to surpass 3rd party Advantage browsers in security

  7. Attachment Manager • Helps Secure IE. • Setting up this policy allows you to control file extensions downloaded. • Drawback is other browsers. Cannot control what is downloaded through them.

  8. Addon Management • Not easy to configure but once done

  9. Firewall • Built-in Windows Firewall • Traffic • Outgoing not blocked • Incoming is blocked • Vista blocks outgoing • Does not block outgoing traffic “Vista does”

  10. Config Notes

  11. Notes • Duplicates with remote assistance • If you configure the ports for Remote desktop • leave the Allow Remote Desktop Exception to be Not Configured

  12. Configured Windows Firewall Notice no changes can be made by the User

  13. Side Notes Notice Allow echo request!! Don’t be alarmed

  14. Firewall Final • ADVANTAGE • Windows Firewall is FREE • Is easily manageable • DISADVANTAGE • CANNOT BLOCK outgoing request

  15. Custom GPs • A custom Policy can be made for any software that relies on registry key settings. • Must have a copy of the Custom .adm on the local machine if you want to be able to view the settings locally

  16. Where is my custom policy • Once your policy has been imported. You can view the settings of the policy only by • Selecting view from the menu. • Then from the pull down menu selecting Filtering • Unchecking “Only show policy settings that can be fully managed."

  17. Notes about Custom GPOs • Importing your Custom GPO will debug and output syntax errors. • Custom GPs control registry keys. Once a key is set you must set it to something else if want to disable. • IN OTHER WORDWS: • If you set a value for something to be 30. Setting the policy to Not Configured does not remove the value. You must disable or change the value.

  18. Custom GPO URLS • http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx#E1PAC • http://blog.case.edu/djc6/2005/03/09/automatically_log_off_users • http://www.energystar.gov/index.cfm?c=power_mgt.pr_pm_ez_gpo

More Related