1. 11 CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY Chapter 8

2. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY2 SECURITY POLICIES

3. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY3 USER CONFIGURATION NODE SECURITY SETTINGS

4. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY4 ACCOUNT POLICIES

5. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY5 PASSWORD POLICY

6. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY6 ACCOUNT LOCKOUT POLICY

7. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY7 KERBEROS POLICY

8. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY8 LOCAL POLICIES

9. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY9 AUDIT POLICY

10. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY10 DEFAULT DOMAIN CONTROLLER AUDIT POLICY

11. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY11 THE CRASHONAUDITFAIL SETTING

12. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY12 AUDITING BEST PRACTICES AND TIPS  Audit only pertinent items.  Archive security logs to provide a documented history.  Understand the following categories:  System events  Policy change  Account management  Logon event versus account logon event  Configure the size of your security logs carefully.  Audit only pertinent items.  Archive security logs to provide a documented history.  Understand the following categories:  System events  Policy change  Account management  Logon event versus account logon event  Configure the size of your security logs carefully.

13. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY13 USER RIGHTS ASSIGNMENT

14. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY14 SECURITY OPTIONS

15. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY15 EVENT LOG POLICY

16. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY16 RESTRICTED GROUPS POLICY

17. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY17 SYSTEM SERVICES POLICY

18. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY18 REGISTRY POLICY

19. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY19 FILE SYSTEM POLICY

20. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY20 WIRELESS NETWORK (IEEE 802.11) POLICIES

21. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY21 PUBLIC KEY POLICIES

22. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY22 SOFTWARE RESTRICTION POLICIES

23. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY23 FOLDER REDIRECTION  Allows you to redirect user folders to a central location  Benefits:  Centralized backup of user files  Centralized access of user files when users change computers  Works with roaming profiles  Allows you to redirect user folders to a central location  Benefits:  Centralized backup of user files  Centralized access of user files when users change computers  Works with roaming profiles

24. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY24 FOLDER REDIRECTION (continued)

25. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY25 OFFLINE FILES

26. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY26 DISK QUOTAS

27. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY27 REFRESH INTERVALS FOR COMPUTERS

28. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY28 REFRESH INTERVALS FOR USERS

29. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY29 MANUALLY REFRESHING GROUP POLICY

30. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY30 OPTIMIZING GROUP POLICY PROCESSING

31. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY31 SUMMARY  Most security settings are in the Computer Configuration node of a GPO.  Domain-wide policies should be made in the Default Domain Controllers GPO. Specifically, account policies such as Password, Account Lockout, and Kerberos belong here.  Local policies are processed first and overwritten by all other policies in the hierarchy.  Auditing can be done at any level, but should be configured carefully. Default Domain Controllers Policy has some default auditing configured. Results are posted to the security log in the Event Viewer.  Most security settings are in the Computer Configuration node of a GPO.  Domain-wide policies should be made in the Default Domain Controllers GPO. Specifically, account policies such as Password, Account Lockout, and Kerberos belong here.  Local policies are processed first and overwritten by all other policies in the hierarchy.  Auditing can be done at any level, but should be configured carefully. Default Domain Controllers Policy has some default auditing configured. Results are posted to the security log in the Event Viewer.

32. Chapter 8: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY32 SUMMARY (continued)  GPOs are refreshed every 90 minutes with a 30- minute offset, except on domain controllers, which refresh GPOs every five minutes.  Disable the unneeded Group Policy portion, either User Settings or Computer Settings.  GPOs are refreshed every 90 minutes with a 30- minute offset, except on domain controllers, which refresh GPOs every five minutes.  Disable the unneeded Group Policy portion, either User Settings or Computer Settings.