CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY - PowerPoint PPT Presentation

1 / 32
About This Presentation
Title:

CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY

Description:

1. CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP ... Local policies are processed first and overwritten by. all other policies in the hierarchy. ... – PowerPoint PPT presentation

Number of Views:179
Avg rating:3.0/5.0
Slides: 33
Provided by: york5
Category:

less

Transcript and Presenter's Notes

Title: CONFIGURING THE USER AND COMPUTER ENVIRONMENT USING GROUP POLICY


1
CONFIGURING THE USER AND COMPUTER ENVIRONMENT
USING GROUP POLICY
  • Chapter 8

2
SECURITY POLICIES
3
USER CONFIGURATION NODE SECURITY SETTINGS
4
ACCOUNT POLICIES
5
PASSWORD POLICY
6
ACCOUNT LOCKOUT POLICY
7
KERBEROS POLICY
8
LOCAL POLICIES
9
AUDIT POLICY
10
DEFAULT DOMAIN CONTROLLER AUDIT POLICY
11
THE CRASHONAUDITFAIL SETTING
12
AUDITING BEST PRACTICES AND TIPS
  • Audit only pertinent items.
  • Archive security logs to provide a documented
    history.
  • Understand the following categories
  • System events
  • Policy change
  • Account management
  • Logon event versus account logon event
  • Configure the size of your security logs
    carefully.

13
USER RIGHTS ASSIGNMENT
14
SECURITY OPTIONS
15
EVENT LOG POLICY
16
RESTRICTED GROUPS POLICY
17
SYSTEM SERVICES POLICY
18
REGISTRY POLICY
19
FILE SYSTEM POLICY
20
WIRELESS NETWORK (IEEE 802.11) POLICIES
21
PUBLIC KEY POLICIES
22
SOFTWARE RESTRICTION POLICIES
23
FOLDER REDIRECTION
  • Allows you to redirect user folders to a central
    location
  • Benefits
  • Centralized backup of user files
  • Centralized access of user files when users
    change computers
  • Works with roaming profiles

24
FOLDER REDIRECTION (continued)
25
OFFLINE FILES
26
DISK QUOTAS
27
REFRESH INTERVALS FOR COMPUTERS
28
REFRESH INTERVALS FOR USERS
29
MANUALLY REFRESHING GROUP POLICY
30
OPTIMIZING GROUP POLICY PROCESSING
31
SUMMARY
  • Most security settings are in the Computer
    Configuration node of a GPO.
  • Domain-wide policies should be made in the
    Default Domain Controllers GPO. Specifically,
    account policies such as Password, Account
    Lockout, and Kerberos belong here.
  • Local policies are processed first and
    overwritten by all other policies in the
    hierarchy.
  • Auditing can be done at any level, but should be
    configured carefully. Default Domain Controllers
    Policy has some default auditing configured.
    Results are posted to the security log in the
    Event Viewer.

32
SUMMARY (continued)
  • GPOs are refreshed every 90 minutes with a
    30-minute offset, except on domain controllers,
    which refresh GPOs every five minutes.
  • Disable the unneeded Group Policy portion, either
    User Settings or Computer Settings.
Write a Comment
User Comments (0)
About PowerShow.com