How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?
-
Upload
shawn-elijah-murphy -
Category
Documents
-
view
227 -
download
0
Transcript of How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?
![Page 1: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/1.jpg)
How to implement GPOs and secure a MS Windows
Environment with little to NO user awareness!?!?
![Page 2: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/2.jpg)
Most powerful free tool available to the Windows Administrator
If you can imagine locking, it down it can be done with this tool!
Good AD design and organization allows for ease of management
![Page 3: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/3.jpg)
Basic GPMC run through Securing basic workstation features Using the GPMC to secure IE6 and IE7 Using the GPMC to manage the windows
firewall Custom Group Policy applications
![Page 4: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/4.jpg)
Basic Helpful Design and ideas Control Panel Basic context menus to remove Securing certain executables
![Page 5: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/5.jpg)
![Page 6: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/6.jpg)
Easier to secure and patch IE than Firefox Zone Trusts Addon and Attachment management
Separates IE from and Big
Allows IE to surpass 3rd party Advantage
browsers in security
![Page 7: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/7.jpg)
Helps Secure IE.
Setting up this policy allows you to control file extensions downloaded.
Drawback is other browsers. Cannot control what is downloaded through them.
![Page 8: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/8.jpg)
Not easy to configure but once done
![Page 9: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/9.jpg)
Built-in Windows Firewall Traffic
Outgoing not blocked Incoming is blocked Vista blocks outgoing
Does not block outgoing traffic “Vista does”
![Page 10: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/10.jpg)
![Page 11: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/11.jpg)
Duplicates with remote assistance
If you configure the ports for Remote desktop leave the Allow Remote Desktop Exception to
be Not Configured
![Page 12: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/12.jpg)
Notice no changes can be made by the User
![Page 13: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/13.jpg)
Notice Allow echo request!! Don’t be alarmed
![Page 14: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/14.jpg)
ADVANTAGE Windows Firewall is FREE Is easily manageable
DISADVANTAGE CANNOT BLOCK outgoing request
![Page 15: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/15.jpg)
A custom Policy can be made for any software that relies on registry key settings.
Must have a copy of the Custom .adm on the local machine if you want to be able to view the settings locally
![Page 16: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/16.jpg)
Once your policy has been imported. You can view the settings of the policy only by 1. Selecting view from the menu. 2. Then from the pull down menu selecting Filtering 3. Unchecking “Only show policy settings that can be
fully managed."
![Page 17: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/17.jpg)
![Page 18: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/18.jpg)
Importing your Custom GPO will debug and output syntax errors.
Custom GPs control registry keys. Once a key is set you must set it to something else if want to disable.
IN OTHER WORDWS: If you set a value for something to be 30.
Setting the policy to Not Configured does not remove the value. You must disable or change the value.
![Page 19: How to implement GPOs and secure a MS Windows Environment with little to NO user awareness!?!?](https://reader035.fdocuments.us/reader035/viewer/2022062305/5697bf911a28abf838c8e5db/html5/thumbnails/19.jpg)
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx#E1PAC
http://blog.case.edu/djc6/2005/03/09/automatically_log_off_users
http://www.energystar.gov/index.cfm?c=power_mgt.pr_pm_ez_gpo