Category Archives: Group Policy
Posted in Application Control, Desktop Lockdown, Group Policy, Least Privilege
Comments Off
Desktop Misadventures
Bradley Manning – the Private who’s accused of downloading 110,000 U.S. State Department cables to his PC, copying them to a removable drive and then passing the information to Wikileaks – has been in the news again this week as … Continue reading
Posted in Group Policy, Least Privilege, Privilege Guard, User Account Control (UAC), Windows 7
Comments Off
Who’s in Charge of User Account Control?
Microsoft’s Security Intelligence Report (SIR) v10, published in May this year, revealed figures that show Windows 7 is the company’s most secure operating system, reporting that the OS suffered fewer security incidents per 1000 computers than any other supported version … Continue reading
Posted in Active Directory, Group Policy, Least Privilege, Privilege Guard
Comments Off
Assigning admin privileges on Domain Controllers
Active Directory (AD) is the core of a Windows Server network and consists of a database that stores usernames and passwords, plus several technologies that work together to provide security and management services to clients and servers. Domain controllers (DCs) … Continue reading
Posted in Active Directory, Group Policy
Comments Off
What is the Right Amount of GPOs?
This is a question I get all the time, so I thought I’d take a moment and share some thoughts on this question. Before we get to “What is the right amount of GPOs”, let’s start off with “Can I … Continue reading
Posted in Active Directory, Group Policy, Privilege Guard
Comments Off
Deploying Privilege Guard with NetIQ GPA
Avecto Privilege Guard is implemented as a Group Policy Extension, which allows it to integrate seamlessly with solutions that enable advanced management of Group Policy. This includes Microsoft’s Advanced Group Policy Management (AGPM), which is part of the Microsoft Desktop … Continue reading
Posted in Group Policy, WMI
Comments Off
Active Directory Group Policy and WMI Filters
The scope of a Group Policy Object (GPO) can be controlled with WMI filters, based on criteria such as operating system version or hardware specifications. A WMI filter consists of one or more queries, and if all queries evaluate to … Continue reading
Posted in Application Control, AppLocker, Desktop Lockdown, Group Policy, Windows 7
Comments Off
The Pros and Cons of Windows 7 Application Control with AppLocker
Windows 7 Ultimate and Enterprise editions ship with AppLocker, which is a Group Policy based application control solution. AppLocker is a big improvement over Software Restriction Policies, as it provides a more flexible and intuitive solution to its predecessor. AppLocker … Continue reading
Posted in Application Control, Desktop Lockdown, Group Policy, Least Privilege, Windows 7
Comments Off
5 Tips for Flexible Desktop Lockdown
Desktop lockdown shouldn’t hinder a user from performing their day to day role, so here are 5 tips to achieve flexible desktop lockdown. 1. Implement Least Privilege If you are serious about desktop lockdown then you really need to adopt … Continue reading
Posted in Active Directory, Group Policy
Comments Off
Embrace Group Policy, It Makes Sense…
It surprises me how few vendors use Active Directory Group Policy as a mechanism to centrally manage and deploy policy settings for their Windows based products, and instead build their own backend infrastructure for this purpose. I could rattle off … Continue reading
