Ops 301 Class 04
Group Policy is a feature of Windows that essentially provides a centralized place for administrators to manage and configure operating systems, applications and users’ settings on either the local or domain level.
A Group Policy Object (GPO) is a group of settings that are created using the Microsoft Management Console (MMC) Group Policy Editor. The MMC allows users to create GPOs that define registry-based policies, security options, software installation, desktop standardization, and more.
Active Directory applies GPOs in the following order: local policies, site policies, domain policies, and OU policies.
The local computer policy is processed first, followed by site-level policies, then domain policies, and finally organizational unit (OU) policies. If policies conflict in this Local, Site, Domain, OU (LSDOU) order, the last applied policy wins.
Group Policies can be used in numerous ways to bolster security, including disabling outdated protocols, preventing users from making certain changes and more.
Password Policy: GPOs can be used to establish password length, complexity, expiration dates, and more.
Systems Management: GPOs can be used to simplify tasks that are time-consuming when done manually, such as desktop standardization.
Health Checking: GPOs can be used to deploy software updates and system patches to ensure your environment is healthy and up to date against the latest security threats.
The GPO editor isn’t the most user-friendly console that you’re likely to come across. A deep understanding of PowerShell will make GPO updates easier to carry out.
GPOs are refreshed at a random interval of 90 to 120 minutes and whenever the computer is rebooted. You can set a specific refresh rate from 0 minutes up to 45 days. However, if you specify 0 minutes, the GPOs will by default attempt to update every 7 seconds, which is likely to choke your network with traffic.
GPOs are also not immune to cyberattacks. If an attacker wanted to change local GPOs on a computer in order to move laterally across the network, it would be very difficult to detect this without a Group Policy auditing and monitoring solution in place.
This is relevant to the material we are studying this week because it pertains to securing and auditing an organization's domain controllers and Active Directory.
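One way to surface GPO changes of the kind the auditing point above is concerned with is to diff periodic snapshots of GPO metadata. This is an added example, not part of the original notes: the function name `Compare-GpoSnapshot` and the sample snapshots are constructed for illustration, and it covers domain GPOs as returned by `Get-GPO`, not local policy.

```powershell
# Added example (not from the original notes): diff two snapshots of domain GPO
# metadata. With the GroupPolicy module available, a snapshot can be taken with:
#   Get-GPO -All | Select-Object Id, DisplayName, ModificationTime,
#     @{n='ComputerVersion';e={$_.Computer.DSVersion}},
#     @{n='UserVersion';e={$_.User.DSVersion}}
function Compare-GpoSnapshot {   # hypothetical helper name
    param([object[]] $Baseline = @(), [object[]] $Current = @())
    $old = @{}
    foreach ($g in $Baseline) { $old[[string]$g.Id] = $g }
    $seen = @{}
    foreach ($g in $Current) {
        $id = [string]$g.Id
        $seen[$id] = $true
        if (-not $old.ContainsKey($id)) {
            [pscustomobject]@{ Change = 'Added'; Id = $id; Name = $g.DisplayName; Detail = '' }
            continue
        }
        # Collect every tracked property whose value differs from the baseline.
        $diff = foreach ($p in 'DisplayName', 'ModificationTime', 'ComputerVersion', 'UserVersion') {
            if ($old[$id].$p -ne $g.$p) { "${p}: $($old[$id].$p) -> $($g.$p)" }
        }
        if ($diff) {
            [pscustomobject]@{ Change = 'Modified'; Id = $id; Name = $g.DisplayName; Detail = ($diff -join '; ') }
        }
    }
    # Anything in the baseline that was not seen in the current snapshot was deleted.
    foreach ($id in $old.Keys) {
        if (-not $seen.ContainsKey($id)) {
            [pscustomobject]@{ Change = 'Removed'; Id = $id; Name = $old[$id].DisplayName; Detail = '' }
        }
    }
}

# Constructed sample snapshots (placeholder GUIDs and names) so the script runs offline.
$baseline = @(
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000001'; DisplayName = 'Password Policy'; ModificationTime = '2024-01-10 09:00'; ComputerVersion = 4; UserVersion = 0 }
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000002'; DisplayName = 'Desktop Standard'; ModificationTime = '2024-01-12 14:30'; ComputerVersion = 2; UserVersion = 7 }
)
$current = @(
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000001'; DisplayName = 'Password Policy'; ModificationTime = '2024-02-03 02:17'; ComputerVersion = 5; UserVersion = 0 }
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000003'; DisplayName = 'New Policy'; ModificationTime = '2024-02-03 02:20'; ComputerVersion = 1; UserVersion = 0 }
)

# Reports one Modified, one Added and one Removed GPO for the sample data.
Compare-GpoSnapshot -Baseline $baseline -Current $current | Format-Table -AutoSize
```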