Understanding Group Policy
James Michael Stewart, CISSP, TICSA, CIW SA, CCNA, MCSE NT & W2K, iNet+

What is Group Policy?
- A centralized collection of operational and security controls
- Available in Active Directory domains
- Contains items previously found in system policies and through editing the Registry (i.e. Windows NT)

Elements of Group Policy
- General security controls
- Audit
- User rights
- Passwords
- Account lockout
- Kerberos
- Public key policies
- IPSec policies

Divisions of Group Policy
- Computer Configuration
- User Configuration

Application of Group Policy
- Group Policy Objects (GPOs)
- Can be applied to any AD container
- Application order: LSDOU
  - Local, Site, Domain, Organizational Unit
- Last GPO applied takes precedence

Group Policy Editors
- MMC snap-in: Group Policy
- Active Directory Domains and Trusts
- Active Directory Sites and Services

GPO Application
- Inheritance by default
- No Override: prevents other GPOs from changing settings in this GPO
- Disabled: this GPO is not applied to this container
- Multiple GPOs on same container: application order
- Disable Computer Configuration or User Configuration
- Set Allow/Deny for Apply Group Policy to control user/group application
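
The LSDOU order and the No Override, Disabled and Apply Group Policy controls from the two slides above can be modelled as a small resolver. This is an added example, not part of the original presentation; the GPO names, setting names and group names are hypothetical, and it assumes several GPOs on one container are applied in the order listed.

```python
from dataclasses import dataclass, field

# Processing order from the slides: Local, Site, Domain, Organizational Unit.
LSDOU = {"local": 0, "site": 1, "domain": 2, "ou": 3}

@dataclass
class GpoLink:
    name: str
    level: str                  # one of the LSDOU keys
    settings: dict
    no_override: bool = False   # "No Override" set on this GPO
    disabled: bool = False      # GPO is not applied to this container
    denied_groups: set = field(default_factory=set)  # Deny on Apply Group Policy

def resultant_policy(links, user_groups):
    """Return {setting: (value, winning GPO name)} for one user."""
    result, locked = {}, set()
    # sorted() is stable, so GPOs on the same container keep their listed order
    # (assumption of this model: listed later means applied later).
    for link in sorted(links, key=lambda l: LSDOU[l.level]):
        if link.disabled or link.denied_groups & set(user_groups):
            continue
        for key, value in link.settings.items():
            if key in locked:
                continue        # an earlier No Override GPO already fixed this value
            result[key] = (value, link.name)   # last GPO applied wins
            if link.no_override:
                locked.add(key)
    return result

# Constructed sample links; every name and value here is hypothetical.
SAMPLE_LINKS = [
    GpoLink("OU-Kiosk", "ou", {"AuditLogonEvents": "None", "ScreenSaverTimeout": 300}),
    GpoLink("Domain-Baseline", "domain",
            {"AuditLogonEvents": "Success,Failure"}, no_override=True),
    GpoLink("Site-HQ", "site", {"ScreenSaverTimeout": 900, "Proxy": "hq-proxy"}),
    GpoLink("OU-Helpdesk", "ou", {"Proxy": "none"}, denied_groups={"Contractors"}),
    GpoLink("Local", "local", {"ScreenSaverTimeout": 0}),
    GpoLink("OU-Legacy", "ou", {"ScreenSaverTimeout": 60}, disabled=True),
]

if __name__ == "__main__":
    for groups in (["Staff"], ["Staff", "Contractors"]):
        print(groups, resultant_policy(SAMPLE_LINKS, groups))
```

The audit setting stays at the domain value because the domain GPO is marked No Override, while the unprotected screen saver setting is replaced by the OU GPO that is applied last.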

GPO Limitations
- If a single user is a member of 70 to 80 groups, the respective GPOs may not be applied
- Problem caused by Kerberos token size: 70 to 80 groups fills the token and causes an error
- Result is no GPOs are applied

GPO Uses
- Local GPO
- Windows 2000, XP, .NET

Security Configuration and Analysis
- MMC snap-ins:
  - Security Configuration and Analysis
  - Security Templates
- Used to customize Group Policies a.k.a. security templates.
- Several pre-defined security templates for client, server, and DC systems of basic, compatible, secure, and high security.
- Analyze current security state

GPO: Password Policy
- Min & max password age (0-999)
- Min password length (0-14)
- History ( entries)
- Passwords must meet complexity requirements
- Store passwords using reversible encryption for all users in the domain

GPO: Accounts Policy
- Lockout duration (0 – minutes)
- Failed logon attempts
- Counter reset after time limit
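
The "analyze current security state" step and the password and lockout settings above can be checked from a security template exported with `secedit /export`. This is an added example, not part of the original presentation; the sample template is constructed and the baseline thresholds are illustrative assumptions, not values from the slides.

```python
# Constructed [System Access] section in the layout that `secedit /export` writes.
SAMPLE_INF = """\
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
LockoutBadCount = 0
ClearTextPassword = 1
[Version]
signature="$CHICAGO$"
"""

# Illustrative baseline: the thresholds are assumptions made for this example.
BASELINE = {
    "MinimumPasswordLength": (lambda v: v >= 8, "at least 8 characters"),
    "PasswordComplexity":    (lambda v: v == 1, "complexity requirements enabled"),
    "PasswordHistorySize":   (lambda v: v >= 12, "remember at least 12 passwords"),
    "MaximumPasswordAge":    (lambda v: 1 <= v <= 90, "expire within 90 days"),
    "LockoutBadCount":       (lambda v: 1 <= v <= 5, "lock out after 1-5 failed logons"),
    "ClearTextPassword":     (lambda v: v == 0, "reversible encryption disabled"),
}

def parse_system_access(inf_text):
    """Return the integer settings found under [System Access]."""
    section, values = None, {}
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "System Access" and "=" in line and not line.startswith(";"):
            key, _, val = line.partition("=")
            try:
                values[key.strip()] = int(val.strip())
            except ValueError:
                pass  # non-numeric entries are not part of this check
    return values

def analyze(inf_text):
    """Return sorted (setting, current, expected) tuples for every baseline miss."""
    current = parse_system_access(inf_text)
    findings = []
    for key, (ok, expected) in BASELINE.items():
        value = current.get(key)        # a setting absent from the template is None
        if value is None or not ok(value):
            findings.append((key, value, expected))
    return sorted(findings)
```

A real export is normally written as UTF-16, so open it with `encoding="utf-16"` before passing the text to `analyze`.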

GPO: Audit Policy
- Account logon events
- Account management
- Directory service access
- Logon events
- Object access
- Policy change
- Privilege use
- Process tracking
- System events
- Object level controls accessed through Advanced Security Properties
- Audit policy must be enabled in order for audited events to be recorded in the Security log

GPO: User Rights
- To increase security settings, make the following changes:
  - Log on locally: assigned only to Administrators on Servers
  - Shut down the system: assigned only to Administrators, Power Users
  - Access computer from network: assigned to Users, revoke for Administrators and Everyone
  - Restore files/directories: revoke for Backup Operators
  - Bypass traverse checking: assigned to Authenticated Users, revoke for Everyone

GPO: Security Options
- Numerous security-related controls
- Previously found only as Registry edits

GPO: misc
- Scripts
- Public Key: EFS
- IPSec
- Software
- Administrative Templates
  - Templates for Registry alteration

Using GPOs
- Group similar users
- Place similar users/groups in separate containers (i.e. OUs)
- Define universal GPOs at domain level
- Define specific GPOs as far down the organizational tree as possible
- Avoid changing default inheritance mechanism
