Security through Group Policy

Slides:

Advertisements

Similar presentations

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Advertisements

PC Encryption installation progress/password screen Includes comments from: Encryption team Sarah Deane Tony Stieber Selected people who took part in the.

Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.

WSUS Presented by: Nada Abdullah Ahmed.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.

WSUS Windows Update Services

Khan Rashid Lesson 11-The Best Policy: Managing Computers and Users Through Group Policy.

Changes in Windows XP Service Pack 2

Symantec AntiVirus Update Mark Reynolds Manager of Support Services Technology Support Services Michael Satut Manager of Distributed Support Services Technology.

Lesson 18: Configuring Application Restriction Policies

Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Maintaining and Updating Windows Server 2008

SUS Services ECE Computer Facilities. SUS Services Software Update Services Microsoft Security And Critical Update Service Microsoft Security And Critical.

FileSecure Implementation Training Patch Management Version 1.1.

Ch 8-3 Working with domains and Active Directory.

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Hands-On Microsoft Windows Server 2008

Chapter 14: Remote Server Administration BAI617. Chapter Topics Configure Windows Server 2008 R2 servers for remote administration Remotely connect to.

Remote Desktop Services Remote Desktop Connection Remote Desktop Protocol Remote Assistance Remote Server Administration T0ols.

Week #7 Objectives: Secure Windows 7 Desktop

Chapter 13 – Network Security

Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.

Raven Services Update December 2003 David Wallis Senior Systems Consultant Raven Computers Ltd.

11 MANAGING AND DISTRIBUTING SOFTWARE BY USING GROUP POLICY Chapter 5.

Chapter 4 Initial Configuration Tasks. Understanding the Initial Configuration Tasks window Microsoft now provides a new feature, the Initial Configuration.

Installing SIGNZ on a stand- alone machine. These slides will guide you through the installation of the SIGNZ ‘server’ and ‘client’ components on one machine.

INSTALLATION HANDS-ON. Page 2 About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving.

DIT314 ~ Client Operating System & Administration CHAPTER 5 MANAGING USER ACCOUNTS AND GROUPS Prepared By : Suraya Alias.

Computer Emergency Notification System (CENS)

Active Directory Harikrishnan V G 18 March Presentation titlePage 2 Agenda ► Introduction – Active Directory ► Directory Service ► Benefits of Active.

Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.

Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

Module 7: Implementing Security Using Group Policy.

Week 4 Objectives Overview of Group Policy Group Policy Processing Implementing a Central Store for Administrative Templates.

The world leader in serving science Overview of Thermo 21 CFR Part 11 tools Overview of software used by multiple business units within the Spectroscopy.

Module 10: Windows Firewall and Caching Fundamentals.

IS493 INFORMATION SECURITY TUTORIAL # 1 (S ) ASHRAF YOUSSEF.

Chapter 4- Part3. 2 Implementing User Profiles A local user profile is automatically created at the local computer when you log on with an account for.

Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.

Linux Operations and Administration

Module 8 Implementing Security Using Group Policy.

GROUP POLICY. Group Policy is a hierarchical infrastructure which allows systems administrators to configure computer and user settings from a central.

Overview Microsoft Windows XP Pro (SP2) Microsoft Windows Server 2003 User accounts and groups File sharing and file permissions Password/Lockout Policy.

XPSP2 “Basic Gotchas” Security Center “Welcome” –May be confusing –Gives a “No Antivirus” warning for machines with SAV which have NOT been patched for.

Chapter 14.  Upon completion of this chapter, you should be able to:  Identify different types of Intrusion Detection Systems and Prevention Systems.

FIREWALLS By k.shivakumar 08k81f0025. CONTENTS Introduction. What is firewall? Hardware vs. software firewalls. Working of a software firewalls. Firewall.

Microsoft OS Vulnerabilities April 1, 2010 MIS 4600 – MBA © Abdou Illia.

Lesson 19: Configuring and Managing Updates

Chapter 5 Electronic Commerce | Security Threats - Solution

Chapter 6 Application Hardening

Configuring Windows Firewall with Advanced Security

Chapter 5 Electronic Commerce | Security Threats - Solution

How to Fix Windows 10 Update Error 0x ?.

Lesson #8 MCTS Cert Guide Microsoft Windows 7, Configuring Chapter 8 Configuring Applications and Internet Explorer.

Unit 8 NT1330 Client-Server Networking II Date: 8/2/2016

QuickBooks Error Code is displayed when the verification of the database connection fails or QuickBooks tries to access company files. Due to the.

Unit 27: Network Operating Systems

DHCP, DNS, Client Connection, Assignment 1 1.3

Information Security Session October 24, 2005

Chapter 9 MANAGING SOFTWARE.

Configuration Of A Pull Network.

Network hardening Chapter 14.

Operating System Hardening

Designing IIS Security (IIS – Internet Information Service)

Installing Windows Exam: 902

Implementing Advanced Server and Client Security

How to install and manage exchange server 2010 OP Saklani.

Presentation transcript:

Security through Group Policy

Use Organizational Units (OUs) Separate Workstations from Users from Servers Separate workstations by function (HR, Payroll, Admins, etc) Separate users based on roles (HR, Payroll, Admins, etc) Organizational Units should be used to group objects by function. This will help user group policies apply to the right users, and computer policies will be applied to the appropriate machines.

Stay Current With Patches - SUS Software Update Service, and in the future, Windows Update Service, is designed to simplify the process of keeping your Windows-based computer up to date with the latest critical updates. SUS and WUS enables you to quickly and reliably deploy critical updates to your servers and workstations running Windows 2000, XP, or 2003. On this easy-to-use interface, you simply check the update you want to push out, and click the Approve button. No additional scripts, and no running around to each workstation every time a new patch comes out.

Force Updates with GP Options can be enabled here for pushing patches to machines. For instance, workstations can be forced to patch and reboot, servers can be forced to patch and be manually rebooted, and a testing OU can be exempt from patching. Patches are pulled from one centralized server for an entire network, but multiple servers can be used for load balancing if needed.

Use the XP SP2 Firewall The configuration here shows how workstations can be locked down. For each of the “allow program” or “allow port” exceptions, a program or port is specified along with the scope or IP range that is allowed to access that resource. Our group policy only allows ICMP incoming echo requests to get through the firewall, with the only exception being a handful of administrative workstations and servers.

Restrict Applications by name The easiest way to stop unapproved applications such as peer-to-peer or other file-sharing applications is to prevent their execution. If a user tries to run a restricted application, the error shown above pops up and the program does not run. In order to prevent other applications from running, you can also restrict them by a hash instead of the name.

Restrict Applications by hash A hash is like a fingerprint for the file. The hash prevents only the positively identified program from running. This can also be useful if, for example, an older version of wmplayer.exe has a security flaw. The hash can prevent the old version of wmplayer.exe from running, while the current version will still function normally. This method is slightly harder to implement because each version of a program will have a different hash, and must be added to the restricted list seperately.

Prevent Workstation Lockouts Some of you may have experienced workstation lockouts in the past due to a worm or virus that tries to guess the administrator password. If the XP SP2 firewall is used, worms cannot see the machines and will not try to authenticate to them. If the firewall cannot be used however, your security log can be set to overwrite as needed. This slightly diminished security on the workstation, but allows users to continue work uninterrupted.

Run a Managed Antivirus Client Ex: Symantec Antivirus Corporate Ed. Clients pull defs from the server every 15 minutes, or on restart Only one machine (server) needs to be updated with new defs Automatically updated daily, or manually if desired For less than $10 per machine, your entire network can run the newest symantec antivirus client and have access to automatic updates.

Conclusion Use OUs to separate users and computers by function Stay current with patches Use the XP SP2 firewall Restrict applications that violate policy Prevent workstation lockouts Run a managed antivirus program -Organization Units were created to help you organize your domain. Make use of them and it will lighten your workload later. -push patches to workstations & servers so that all machines are protected against possible security holes -use the XP SP2 firewall to prevent unauthorized access -restrict applications that can cause security holes, copyright infringement, or anything that may cause you more work (weatherbug or bonzi buddy for example) -keep machines functional for users by preventing lockouts. For most users, if they can’t log in, they can’t work. -keep workstations virus free without even thinking about it. A 60 minute setup can keep your network virus free. -questions?