Group Policy

From AlphaBook

Group Policy Object Features

  • GPO Security Filtering - The settings in this GPO can only apply to the following groups, users, and computers:
  • GPO Settings - A general report of the GPO
  • WMI Filtering - For example, apply to Windows 7 OS only
  • Block Inheritance
  • Enforced
  • Link Order (the lowest link order number has the highest priority)

Apply order

  • Local policy -> Site group policy -> Domain group policy -> OU group policy -> Sub-OU group policy (highest priority)
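
The following is an added example, not part of the original page: a small Python model of which GPO wins a conflicting setting, combining the apply order above with Link Order, Enforced and Block Inheritance from the feature list. The GPO names are constructed, and the model assumes every listed GPO defines the setting and already passes security and WMI filtering.

```python
from dataclasses import dataclass

# Containers in the processing order given above; later entries override earlier ones.
LEVELS = ["local", "site", "domain", "ou", "sub-ou"]

@dataclass
class Link:
    gpo: str                 # GPO name (constructed for this example)
    level: str               # container the GPO is linked to, one of LEVELS
    link_order: int          # 1 = highest priority within that container
    enforced: bool = False   # the "Enforced" flag on the link

def depth(link):
    return LEVELS.index(link.level)

def winning_gpo(links, block_inheritance_at=None):
    """Name of the GPO whose value wins for one conflicting setting, or None.

    `links` holds only GPOs that define the setting and pass security/WMI
    filtering. `block_inheritance_at` is the container with Block Inheritance set.
    """
    if block_inheritance_at is not None:
        cut = LEVELS.index(block_inheritance_at)
        # Block Inheritance drops non-enforced GPOs linked above the container;
        # local policy is not a linked GPO, so it is not blocked.
        links = [l for l in links
                 if l.enforced or l.level == "local" or depth(l) >= cut]
    if not links:
        return None
    enforced = [l for l in links if l.enforced]
    if enforced:
        # Enforced links cannot be overridden from below: the highest container
        # wins, then the lowest link order inside it.
        return min(enforced, key=lambda l: (depth(l), l.link_order)).gpo
    # Otherwise the deepest container wins, then the lowest link order.
    return min(links, key=lambda l: (-depth(l), l.link_order)).gpo

# Constructed sample: four GPOs that all set the same policy differently.
SAMPLE = [
    Link("Site-Baseline", "site", 1),
    Link("Default Domain Policy", "domain", 1),
    Link("Domain-Hardening", "domain", 2),
    Link("OU-Workstations", "ou", 1),
]

if __name__ == "__main__":
    print(winning_gpo(SAMPLE))       # OU-Workstations
    print(winning_gpo(SAMPLE[:3]))   # Default Domain Policy
```

Setting enforced=True on a domain-level link makes it win over the OU link, including when Block Inheritance is set on the OU.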

Default Domain Policy

  • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy
    • Enforce password history - 24 passwords remembered
    • Maximum password age - 42 days
    • Minimum password age - 1 day
    • Password must meet complexity requirements - Enabled
      • Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
      • Be at least six characters in length
      • Contain characters from three of the following four categories
    • Store passwords using reversible encryption - Disabled
  • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy
    • Account lockout threshold - 0 invalid logon attempts (Disabled)
  • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Kerberos Policy
    • Maximum tolerance for computer clock synchronization - 5 minutes
  • ... ...
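
The following is an added example, not part of the original page: a Python check that reads the Account Policies values from a GPO security template (the GptTmpl.inf file a GPO keeps in SYSVOL) and reports settings weaker than a baseline. The sample text is constructed to mirror the defaults listed above, and the baseline predicates are assumptions to adjust locally.

```python
import configparser

# Constructed sample in GptTmpl.inf layout; values mirror the defaults listed above.
# Real files are usually UTF-16, so open them with encoding="utf-16".
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 0
ClearTextPassword = 0
[Kerberos Policy]
MaxClockSkew = 5
[Version]
signature="$CHICAGO$"
Revision=1
"""

# (section, key, predicate that must hold, finding text). Assumed baseline.
CHECKS = [
    ("System Access", "LockoutBadCount", lambda v: v > 0,
     "account lockout disabled (threshold 0)"),
    ("System Access", "ClearTextPassword", lambda v: v == 0,
     "reversible encryption enabled"),
    ("System Access", "PasswordComplexity", lambda v: v == 1,
     "complexity requirements disabled"),
    ("System Access", "PasswordHistorySize", lambda v: v >= 24,
     "password history below 24"),
    ("Kerberos Policy", "MaxClockSkew", lambda v: v <= 5,
     "clock tolerance above 5 minutes"),
]

def audit(inf_text):
    """Return a list of findings for one security template."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str          # keep key case as written in the template
    cp.read_string(inf_text)
    findings = []
    for section, key, ok, msg in CHECKS:
        raw = cp.get(section, key, fallback=None)
        if raw is None:
            findings.append(f"{key}: not defined in this GPO")
        elif not ok(int(raw)):
            findings.append(f"{key}={raw}: {msg}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INF)))
```

Run against the sample, the only finding is the lockout threshold of 0, which matches the "(Disabled)" default listed below.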

Default Domain Controllers Policy

  • Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment
    • Add workstations to domain - NT AUTHORITY\Authenticated Users
  • ... ...

Customized group policy

  • Password Policy
    • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Enforce password history
    • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Maximum password age
    • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password age
    • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password length
    • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements
    • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Store passwords using reversible encryption
  • Account Lockout Policy
    • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout duration
    • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold
    • Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after
  • Interactive logon message
    • Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message text for users attempting to log on
    • Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message title for users attempting to log on
  • System Services
    • Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Offline Files (Automatic/Manual/Disabled)
  • Enable Remote Desktop
    • Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Session Host\Connections\Allow users to connect remotely by using Remote Desktop Services
    • Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow inbound Remote Desktop exceptions
  • Windows Firewall
    • Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile
    • Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Inbound Rules
    • Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Outbound Rules
  • Certificate
    • Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities
  • Audit User Account Management (includes user account lockout, Event ID 4740)
    • Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Account Management\Audit User Account Management
  • Windows Update
    • Computer Configuration\Policies\Windows Settings\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location
    • Computer Configuration\Policies\Windows Settings\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates (Auto download and notify for install)
  • Registry
    • Computer Configuration\Preferences\Windows Settings\Registry
  • Network Shares
    • Computer Configuration\Preferences\Windows Settings\Network Shares
  • Local Users and Groups
    • Computer Configuration\Preferences\Control Panel Settings\Local Users and Groups
  • Desktop Wallpaper
    • User Configuration\Policies\Administrative Templates\Desktop\Desktop Wallpaper
  • Internet Explorer
    • User Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer
  • ... ...