Chapter 6 (Windows)
What are some of the actions you can perform in the GPMC?
1. Create and edit GPOs 2. Import and export GPOs 3. Copy and paste GPOs 4. Back up and restore GPOs 5. Search for GPOs 6. Create reports on GPOs
What are some guidelines that should result in simple and effective Group Policy?
1. Define OUs that reflect your organization's functional structure 2. Create OU GPOs for controls required in your security policy 3. Use meaningful names for GPOs to make maintenance and administration easier 4. Deploy GPOs in a test environment before deploying to your live environment 5. Use security filtering and WMI filters to restrict settings when necessary 6. Back up your GPOs regularly 7. Do not modify the default policies—instead, create new GPOs
What are the steps to making Group Policy conform to your security policy?
1. Examine a list of GPO settings that already exist in the default Windows template. Identify any GPO settings that satisfy parts of your security policy. Activate all settings that are appropriate for your policy 2. Identify any elements in your security policy that do not already exist in default Windows templates. Then, list the elements that new GPO settings can address. For example, suppose you want to hide the Recycle Bin on every user's desktop. You can easily create a new GPO with this setting 3. Create new GPOs for each of the remaining goals in your security policy that you identified in the second step
What 2 tools does Microsoft provide to audit Group Policy?
1. Group Policy Inventory (not included, must download) 2. Resultant Set of Policy tool (included by default)
Windows applies multiple GPOs in the following order (lowest to highest)
1. Local GPOs 2. Site GPOs 3. Domain GPOs 4. Organizational Unit GPOs * Any setting in a higher-level GPO will override a lower-level GPO setting (unless the higher-level GPO's setting value is not configured)
What are the 2 main types of Group Policy settings?
1. Local Group Policy settings 2. Active Directory Group Policy settings
What 2 modes does RSOP have?
1. Logging mode (to show existing GPOs) 2. Planning mode (shows the effect of planned GPO changes)
What are some of the categories of settings in Group Policy Objects (GPOs)?
1. Password policy 2. Account lockout policy 3. Kerberos policy 4. Audit policy 5. User Rights Assignment 6. Security options 7. Event log 8. Restricted groups 9. System services 10. Registry 11. File System
What are the 2 main reasons for making Group Policy conform to your security policy?
1. To allow management to meet security responsibilities 2. To ensure that there are no gaps in your security policy and your policy doesn't contain additional controls
What is the Registry?
A database on each Windows computer that stores configuration settings for the computers and users
What are Organizational Units?
AD containers that group computers either logically or functionally
You can define Local Group Policy settings and Group Policies in ____
Active Directory
____ can apply to any users on any computers defined in Active Directory
Active Directory Group
The settings under the ____ category are stored in the Registry under the HKLM entry
Computer Configuration
What settings do you see when you open up Local Group Policy Editor?
Computer Configuration and User Configuration
What are Domain GPOs?
Domain-wide GPOs defined in Active Directory
What are Local GPOs?
GPOs defined and stored on the local computer
What are Site GPOs?
GPOs defined in Active Directory for a specific site
____ provides an inventory list of GPOs and many other computer and user settings
Group Policy Inventory
AD GPOs are created on the domain controller using the ____. It is available on domain controllers
Group Policy Management Console (GPMC)
Explain Group Policy Targets
Group Policy allows you to determine the specific targets for each rule. Some rules in your security policy apply to all users on all machines while others do not. Active Directory provides the ability to define Group Policy at different levels. Windows looks up all the applicable GPOs when a computer boots or a user logs on. Windows applies multiple GPOs in the following order (lowest to highest): 1. Local GPOs 2. Site GPOs 3. Domain GPOs 4. Organizational Unit GPOs
____ keys define settings that are specific to each user
HKEY_CURRENT_USER (HKCU)
The Registry stores Group Policy settings either in _____ or ____
HKEY_CURRENT_USER (HKCU), HKEY_LOCAL_MACHINE (HKLM)
____ keys define settings that apply to the computer, regardless of who is logged on
HKEY_LOCAL_MACHINE (HKLM)
What is an AD container?
It can be a site, a domain, or an OU. You must link GPOs to one or more sites, domains, or OUs to make the GPOs do anything
What is Group Policy?
It is a Windows feature that provides a centralized set of rules that govern the way Windows operates. It provides the ability to define and apply both general and security configuration changes to one or more computers
What does the Group Policy Update tool do?
It provides the ability to force user logoff or system boot when setting changes require these actions. You can turn it on by opening a PowerShell window and entering the following command: gpupdate.exe
____ control the behavior of a single computer
Local Group Policies
All of the ____ settings apply to a single computer
Local Group Policy
The ____ allows you to change only Group Policy settings and ensures the settings are stored properly and in the correct location in the Registry
Local Group Policy Editor
Windows applies ____ last; any global GPO settings should go here
OU GPOs
What are Organizational Unit GPOs?
OU GPOs defined in Active Directory
How many WMI filters can you link to each GPO?
One
The domain controller stores AD GPOs in a folder named ____
Policies
Windows stores many Group Policy settings in the ____
Registry
Since Group Policy settings are stored in the Registry, they can be edited directly using the ____
Registry Editor
____ shows what settings Windows applies to a specific user on a specific computer
Resultant Set of Policy tool (RSOP)
What does it mean that Windows applies GPOs to all computers and users in a container by default?
That means all computers and users in an OU will inherit any OU GPOs defined for that OU by default. You can change that behavior with security filters if you want an OU GPO to apply only to some computers or users in the OU
The settings under the ____ category are stored under the HKCU entry
User Configuration
Windows uses the ____ to define the queries for the filters
WMI Query Language (WQL)
____ allow you to query the target environment and apply security settings only in certain situations
WMI filters
____ give you even more control over when and where GPOs apply. You can create multiple of them for each domain and then link each filter to one or more GPOs
WMI filters
____ is the infrastructure Windows uses to maintain and exchange management and operations data
Windows Management Instrumentation (WMI)
Group Policy uses a "pull" technology, which means that...
Windows periodically searches for any updated GPOs. If it finds a new GPO, it downloads and applies the changes to the existing environment. Windows checks for them at 90- to 120-minute intervals
Explain GPO Linking
You can link GPOs to specific users to customize settings for groups of users or even individual users. Users who log on anywhere in the Active Directory domain will get GPOs linked to their user account. You can also link GPOs to organizational units (OUs). In fact, you must link GPOs to at least one computer, domain, or OU for the GPO to be active. GPOs that aren't linked to a computer, domain, or OU are defined but inactive
Unlike Local GPOs, AD GPOs do nothing until you link them to one or more ____
containers
You can define OUs to...
logically group computers into functional groups, such as "Accounting," "Manufacturing," and "Distribution"