Chapter 6: Implementing Security with Group Policy

Overview

Security is hot. Hot, hot, hot. Microsoft has a big security push underway, with lots of proposed changes to their product lines to make them all more secure right out of the box. Windows 2003 is the start of that trend, and it's inarguably more secure out of the box than its predecessors. And Windows 2003 / SP1 has added some even better goodies to make the whole process of securing your servers a lot easier.

With that in mind, we'll pay special attention to several areas of security that can be designed and maintained with the power that Group Policy offers.

First, we'll look at the two default GPOs: the "Default Domain Policy" GPO and the "Default Domain Controllers Policy" GPO and how they help tighten security. Then, we'll take a walk through the park and see all that can be set via security-related policies:

  • Local vs. effective permissions: why do settings show up on our clients?

  • Auditing: who is using our clients and servers?

  • User and computer scripts: logon scripts were never like this.

  • Internet Explorer maintenance settings: allow you to set IE settings centrally.

  • Restricted Groups: force group membership and nested group membership.

  • Software restriction policies: allow/disallow specific applications to run.

Last, but certainly not least, we'll harness and focus our Group Policy power.

Often, you'll want to find a way to tie down a specific machine so it will be nigh invulnerable to outside forces. You might want to do this in public computing environments, such as libraries or nursing stations, or if you have machines in open areas that you feel are specifically vulnerable to physical attack or theft. You'll learn all about that in this chapter in the "Securing Workstations with Templates" section.

Finally, Windows 2003 / SP1 brings some new additions to the table. As you're plunking around some of the special security policy settings, Windows 2003 / SP1 gives you a "heads up" pop-up-style message if you're about to modify a security setting that could do some harm. Microsoft calls these "soft barriers" because they don't prevent you from shooting yourself in the foot, but they do warn you first. You can check out KB 823659 for specific security policy settings that are affected. The pop-ups warn about anything that could be considered a risky configuration and alert you to known compatibility problems.

The other big news for Windows 2003 / SP1 is that it brings a brand-new tool to the table. It's called the Security Configuration Wizard, or SCW for short. Don't let the fact that it's a "wizard" fool you into thinking it's got limited power. It's a superstar, and we'll see how to use it and how to make your Group Policy world rock with new power.



Group Policy, Profiles, and IntelliMirror for Windows 2003, Windows XP, and Windows 2000 (Mark Minasi Windows Administrator Library)
ISBN: 0782144470
EAN: 2147483647
Year: 2005
Pages: 110
