SlideShare une entreprise Scribd logo
1  sur  14
Télécharger pour lire hors ligne
Network Implementation &
Support
Chapter 9
Group Policy

Eric Vanderburg © 2006
Group Policy
• Contained in GPO (Group Policy Objects) which
are linked to Sites, Domains, or OUs
• GPC (Group Policy Container) – Info about the
GPO such as version used for synchronization.
– Enable advanced view AD Users &
ComputersSystemPolicies

• GPT (Group Policy Template) – All the settings
for the policy. Stored in %Systemroot
%SysvolDomainPolicies
• Registry.pol – All registry settings
• GUID (Global Unique Identifier) – 128 bit
number used to identify GPCs and GPTs.
Unique to the forest.
Eric Vanderburg © 2006
Scripts
• Computer
– Startup
– Shutdown

• User
– Logon
– Logoff

•
•
•
•
•

Software settingsWindows settings
Modify order
Time out
Asynchronous – run at same time
Hidden or not
Eric Vanderburg © 2006
Default GPOs
• Default Domain Policy
– Applied to domain
– Password policy, account policy, & kerberos
can only be set here

• Default Domain Controllers Policy
– Applied to DC container

• Create others in the Group Policy Object
Editor MMC or from AD Users &
Computers
Eric Vanderburg © 2006
Settings
• Undefined – can be set by a higher GPO
• Enabled
• Disabled
• Priorities
– LSDOU (Local Site Domain Organizational
Unit)
– The last one applied takes precedence
– No override (under options)
– Block Policy Inheritance (under options)
Eric Vanderburg © 2006
Applying Group Policy
1. Computer starts up & queries the DC for GPOs
that apply
2. Startup scripts run
3. GPTs are downloaded form the sysvol share
and applied in order
4. User logs on
5. DC is queried again
6. Logon scripts run
7. GPTs are downloaded and applied
8. Software policies execute
Eric Vanderburg © 2006
• Administrative Templates
–
–
–
–

User settings
Applications
Control panel
GUI

• Windows Settings
– IE
– RIS
– Folder redirection

• Software Settings
– Installation & maintenance / upgrade
Eric Vanderburg © 2006
Administrative Templates
• Windows Components (both)
– IE, Netmeeting, Tasks

• System (both)
– Disks quotas, Driver signing, Code signing

• Network (both)
– Offline files & folders, dial up connections, VPNs

• Printers (computer)
• Start menu & taskbar
• Desktop (user)
– Wallpaper, which icons display, Active desktop enabled

• Control panel (user)
– Applets that appear

• Shared folders (user)
– DFS

Eric Vanderburg © 2006
Security Settings
• Local Policies
– Applied first
– Audit policy – what is in the event logs
– User Rights Assignment – what can be done
on the machine
– Security Options – Logon banner, restrict
access to media, remove logon

• Event Log – size, retention
• Restricted groups – restores users to
certain groups or groups to groups
Eric Vanderburg © 2006
Security Settings
• System Services – how they start up (auto
manual, on off)
• Registry – permissions to registry
• File Systems – permissions & auditing
• Wireless network – SSID, encryption,
order
• Public Key Policies – EFS, autoenrollment, CA trusts
• Software Restriction Policies
• IP Security Policies – enable policies
Eric Vanderburg © 2006
Folder Redirection
• Folders
– Application Data
– Desktop
– My Documents
– Start Menu

• Stored on network
• Settings
– Grant permissions to folder
– Move contents to network
– Redirect back to local when removed
Eric Vanderburg © 2006
Permissions
• Must have these permissions for the GP to
apply
– Apply Group Policy permissions
– Read

• Gpresult – RSoP (Resultant Set of
Policies)
• Gpupdate /force

Eric Vanderburg © 2006
Software Deployment
• Place MSI in shared folder
• EXE can be installed with ZAP file
– ZAPs cannot be assigned and will not repair
themselves

• Assigned Apps – shortcut is created and it is
installed on first run
• Published Apps – appears in Add/Remove
programs
• Upgrades – mandatory, optional, completely
redeploy
• Removal – forced or optional, no new installs
Eric Vanderburg © 2006
Acronyms
•
•
•
•
•
•

GUID, Global Unique Identifier
GPC, Group Policy Container
GPO, Group Policy Object
GPT, Group Policy Template
MSI, Microsoft Installer
RSoP, Resultant Set of Policy

Eric Vanderburg © 2006

Contenu connexe

En vedette (9)

Socket Programming
Socket ProgrammingSocket Programming
Socket Programming
 
Unit 3
Unit 3Unit 3
Unit 3
 
Np unit2
Np unit2Np unit2
Np unit2
 
HIGH SPEED NETWORKS
HIGH SPEED NETWORKSHIGH SPEED NETWORKS
HIGH SPEED NETWORKS
 
Network Sockets
Network SocketsNetwork Sockets
Network Sockets
 
Application Performance Monitoring
Application Performance MonitoringApplication Performance Monitoring
Application Performance Monitoring
 
HIGH SPEED NETWORKS
HIGH SPEED NETWORKSHIGH SPEED NETWORKS
HIGH SPEED NETWORKS
 
Internet architecture
Internet architectureInternet architecture
Internet architecture
 
OSI Model of Networking
OSI Model of NetworkingOSI Model of Networking
OSI Model of Networking
 

Similaire à Network Implementation and Support Lesson 09 Group Policy - Eric Vanderburg

Securing Windows with Group Policy
Securing Windows with Group PolicySecuring Windows with Group Policy
Securing Windows with Group PolicyJosh Rickard
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410omardabbas
 
(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory PwnagePetros Koutroumpis
 
Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12gameaxt
 
Lecture 11 managing the network
Lecture 11   managing the networkLecture 11   managing the network
Lecture 11 managing the networkWiliam Ferraciolli
 
Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Juan Herrera Utande
 
Computer Architecture - Software - Lesson 10 - Hard Drive Management / Logica...
Computer Architecture - Software - Lesson 10 - Hard Drive Management / Logica...Computer Architecture - Software - Lesson 10 - Hard Drive Management / Logica...
Computer Architecture - Software - Lesson 10 - Hard Drive Management / Logica...Eric Vanderburg
 
Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Network Implementation and Support Lesson 14   Security Features - Eric Vande...Network Implementation and Support Lesson 14   Security Features - Eric Vande...
Network Implementation and Support Lesson 14 Security Features - Eric Vande...Eric Vanderburg
 
Network Implementation and Support Lesson 10 Server Administration - Eric V...
Network Implementation and Support Lesson 10   Server Administration - Eric V...Network Implementation and Support Lesson 10   Server Administration - Eric V...
Network Implementation and Support Lesson 10 Server Administration - Eric V...Eric Vanderburg
 
AppSense EM 8.5 Deep Dive
AppSense EM 8.5 Deep DiveAppSense EM 8.5 Deep Dive
AppSense EM 8.5 Deep DiveDave Allen
 
Frokost seminar windows 8 februar 2013
Frokost seminar   windows 8 februar 2013Frokost seminar   windows 8 februar 2013
Frokost seminar windows 8 februar 2013Olav Tvedt
 
Windows_Installation.pptx
Windows_Installation.pptxWindows_Installation.pptx
Windows_Installation.pptxLearyJohn
 
Administrating Your Network
Administrating Your NetworkAdministrating Your Network
Administrating Your Networkzaisahil
 
PEARC17: Live Integrated Visualization Environment: An Experiment in General...
PEARC17: Live Integrated Visualization Environment: An Experiment in General...PEARC17: Live Integrated Visualization Environment: An Experiment in General...
PEARC17: Live Integrated Visualization Environment: An Experiment in General...moneyjh
 
Useful Group Policy Concepts
Useful Group Policy ConceptsUseful Group Policy Concepts
Useful Group Policy ConceptsRob Dunn
 

Similaire à Network Implementation and Support Lesson 09 Group Policy - Eric Vanderburg (20)

Securing Windows with Group Policy
Securing Windows with Group PolicySecuring Windows with Group Policy
Securing Windows with Group Policy
 
Operating system security
Operating system securityOperating system security
Operating system security
 
MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410MCSA Installing & Configuring Windows Server 2012 70-410
MCSA Installing & Configuring Windows Server 2012 70-410
 
(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage(Ab)Using GPOs for Active Directory Pwnage
(Ab)Using GPOs for Active Directory Pwnage
 
Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12
 
Lecture 11 managing the network
Lecture 11   managing the networkLecture 11   managing the network
Lecture 11 managing the network
 
Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3
 
Computer Architecture - Software - Lesson 10 - Hard Drive Management / Logica...
Computer Architecture - Software - Lesson 10 - Hard Drive Management / Logica...Computer Architecture - Software - Lesson 10 - Hard Drive Management / Logica...
Computer Architecture - Software - Lesson 10 - Hard Drive Management / Logica...
 
Network Implementation and Support Lesson 14 Security Features - Eric Vande...
Network Implementation and Support Lesson 14   Security Features - Eric Vande...Network Implementation and Support Lesson 14   Security Features - Eric Vande...
Network Implementation and Support Lesson 14 Security Features - Eric Vande...
 
Network Implementation and Support Lesson 10 Server Administration - Eric V...
Network Implementation and Support Lesson 10   Server Administration - Eric V...Network Implementation and Support Lesson 10   Server Administration - Eric V...
Network Implementation and Support Lesson 10 Server Administration - Eric V...
 
Anujit CV
Anujit CV Anujit CV
Anujit CV
 
Anujit CV
Anujit CV Anujit CV
Anujit CV
 
70 640 Lesson07 Ppt 041009
70 640 Lesson07 Ppt 04100970 640 Lesson07 Ppt 041009
70 640 Lesson07 Ppt 041009
 
AppSense EM 8.5 Deep Dive
AppSense EM 8.5 Deep DiveAppSense EM 8.5 Deep Dive
AppSense EM 8.5 Deep Dive
 
Frokost seminar windows 8 februar 2013
Frokost seminar   windows 8 februar 2013Frokost seminar   windows 8 februar 2013
Frokost seminar windows 8 februar 2013
 
Ch 20
Ch 20Ch 20
Ch 20
 
Windows_Installation.pptx
Windows_Installation.pptxWindows_Installation.pptx
Windows_Installation.pptx
 
Administrating Your Network
Administrating Your NetworkAdministrating Your Network
Administrating Your Network
 
PEARC17: Live Integrated Visualization Environment: An Experiment in General...
PEARC17: Live Integrated Visualization Environment: An Experiment in General...PEARC17: Live Integrated Visualization Environment: An Experiment in General...
PEARC17: Live Integrated Visualization Environment: An Experiment in General...
 
Useful Group Policy Concepts
Useful Group Policy ConceptsUseful Group Policy Concepts
Useful Group Policy Concepts
 

Plus de Eric Vanderburg

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumEric Vanderburg
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveEric Vanderburg
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgEric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityEric Vanderburg
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatEric Vanderburg
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEric Vanderburg
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology managementEric Vanderburg
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technologyEric Vanderburg
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEric Vanderburg
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challengesEric Vanderburg
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: RoboticsEric Vanderburg
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercisesEric Vanderburg
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsEric Vanderburg
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgEric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgEric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgEric Vanderburg
 

Plus de Eric Vanderburg (20)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
 

Dernier

How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 

Dernier (20)

20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 

Network Implementation and Support Lesson 09 Group Policy - Eric Vanderburg

  • 1. Network Implementation & Support Chapter 9 Group Policy Eric Vanderburg © 2006
  • 2. Group Policy • Contained in GPO (Group Policy Objects) which are linked to Sites, Domains, or OUs • GPC (Group Policy Container) – Info about the GPO such as version used for synchronization. – Enable advanced view AD Users & ComputersSystemPolicies • GPT (Group Policy Template) – All the settings for the policy. Stored in %Systemroot %SysvolDomainPolicies • Registry.pol – All registry settings • GUID (Global Unique Identifier) – 128 bit number used to identify GPCs and GPTs. Unique to the forest. Eric Vanderburg © 2006
  • 3. Scripts • Computer – Startup – Shutdown • User – Logon – Logoff • • • • • Software settingsWindows settings Modify order Time out Asynchronous – run at same time Hidden or not Eric Vanderburg © 2006
  • 4. Default GPOs • Default Domain Policy – Applied to domain – Password policy, account policy, & kerberos can only be set here • Default Domain Controllers Policy – Applied to DC container • Create others in the Group Policy Object Editor MMC or from AD Users & Computers Eric Vanderburg © 2006
  • 5. Settings • Undefined – can be set by a higher GPO • Enabled • Disabled • Priorities – LSDOU (Local Site Domain Organizational Unit) – The last one applied takes precedence – No override (under options) – Block Policy Inheritance (under options) Eric Vanderburg © 2006
  • 6. Applying Group Policy 1. Computer starts up & queries the DC for GPOs that apply 2. Startup scripts run 3. GPTs are downloaded form the sysvol share and applied in order 4. User logs on 5. DC is queried again 6. Logon scripts run 7. GPTs are downloaded and applied 8. Software policies execute Eric Vanderburg © 2006
  • 7. • Administrative Templates – – – – User settings Applications Control panel GUI • Windows Settings – IE – RIS – Folder redirection • Software Settings – Installation & maintenance / upgrade Eric Vanderburg © 2006
  • 8. Administrative Templates • Windows Components (both) – IE, Netmeeting, Tasks • System (both) – Disks quotas, Driver signing, Code signing • Network (both) – Offline files & folders, dial up connections, VPNs • Printers (computer) • Start menu & taskbar • Desktop (user) – Wallpaper, which icons display, Active desktop enabled • Control panel (user) – Applets that appear • Shared folders (user) – DFS Eric Vanderburg © 2006
  • 9. Security Settings • Local Policies – Applied first – Audit policy – what is in the event logs – User Rights Assignment – what can be done on the machine – Security Options – Logon banner, restrict access to media, remove logon • Event Log – size, retention • Restricted groups – restores users to certain groups or groups to groups Eric Vanderburg © 2006
  • 10. Security Settings • System Services – how they start up (auto manual, on off) • Registry – permissions to registry • File Systems – permissions & auditing • Wireless network – SSID, encryption, order • Public Key Policies – EFS, autoenrollment, CA trusts • Software Restriction Policies • IP Security Policies – enable policies Eric Vanderburg © 2006
  • 11. Folder Redirection • Folders – Application Data – Desktop – My Documents – Start Menu • Stored on network • Settings – Grant permissions to folder – Move contents to network – Redirect back to local when removed Eric Vanderburg © 2006
  • 12. Permissions • Must have these permissions for the GP to apply – Apply Group Policy permissions – Read • Gpresult – RSoP (Resultant Set of Policies) • Gpupdate /force Eric Vanderburg © 2006
  • 13. Software Deployment • Place MSI in shared folder • EXE can be installed with ZAP file – ZAPs cannot be assigned and will not repair themselves • Assigned Apps – shortcut is created and it is installed on first run • Published Apps – appears in Add/Remove programs • Upgrades – mandatory, optional, completely redeploy • Removal – forced or optional, no new installs Eric Vanderburg © 2006
  • 14. Acronyms • • • • • • GUID, Global Unique Identifier GPC, Group Policy Container GPO, Group Policy Object GPT, Group Policy Template MSI, Microsoft Installer RSoP, Resultant Set of Policy Eric Vanderburg © 2006