Group Policies - Beginners' Guide

Discussion in 'other software & services' started by Mrkvonic, Jan 12, 2007.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,

    I have written a step-by-step beginners' guide to using Group Policies and Software Restriction Policies, including an overview of the most important functions, useful settings and general configurations.

    Following this guide can help you harden the Windows significantly, especially if you need share your Windows with less savvy users, if you have multiple accounts or wish to trim down on peripheral threats, like USBs or CD-ROMs, and more.

    http://www.dedoimedo.com/computers/policies.html

    As usual, I would appreciate feedback, suggestions, corrections.

    Hope you find this useful and handy.

    Cheers,
    Mrk
     
    Last edited: Jan 12, 2007
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Re: Group Policies - Comprehensive Guide

    Hi, as you said,
    your site is really growing as a good place for guides.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Re: Group Policies - Comprehensive Guide

    Hello,
    Thanks, man.
    Mrk
     
  4. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Re: Group Policies - Comprehensive Guide

    Second that :thumb:
     
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Re: Group Policies - Comprehensive Guide

    Great guide, but I have one important question, is it possible to import/export GPO?
    As far as I know, it is not possible, at least noone, I asked, did not know how to do it.
    I do a clean instal too often and setting up 2400 policies all the time does not sound good.
    I have security template, but it is nothing in comparision to GPO, but so far, I can not use it.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Re: Group Policies - Comprehensive Guide

    Hello,
    Updated with TOM's suggestion under useful links.
    Some tiny changes for better clarification of terms.
    Cheers,
    Mrk
     
  8. horn

    horn Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    97
    Re: Group Policies - Comprehensive Guide

    Hello Mrk.
    I started a thread https://www.wilderssecurity.com/showthread.php?t=16 to fix error in connection with Group Policies.
    Please have a look and let me know if there is any chance to solve this problem.
    Regards,
     
  9. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    Re: Group Policies - Comprehensive Guide

    It looks generally a good guide, I wouldn't call it a comprehensive guide (or call it "comprehensive part 1" maybe), but the stuff you cover is done well .

    If you are taking the route of modifying group policies, it needs to be noted that using a restricted user account (and setting decent default folder permissions, eg removing everyone for all drives) is a lot simpler way of improving system security.

    To apply group policy to individual users you need a windows domain (which requires a windows 2000/2003 server). There is a workaround http://www.theeldergeek.com/gp07.htm but not a complete solution.

    Heres a tweak:
    Enable windows update notification in limited user accounts, via GPCedit: goto Computer Configuration/Administrative Templates/Windows Components/Windows Update, it's called "Allow non-administrative users to receive update notifications"

    Finally, what about a few words on using GPCedit to enforce password strength and retry timeouts (Computer Configuration/Windows Settings/Security Settings/Account Policies)
     
  10. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Re: Group Policies - Comprehensive Guide

    Hello,

    horn, cannot see that page, please try to explain your problem again.

    nick, if you have a suggestion for a title I'd be glad to hear and change - something without the word comprehensive ... The password strength and retry is not a bad idea. I'll add that.

    Mrk
     
  11. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    Re: Group Policies - Comprehensive Guide

    Hark
    Is that the sound of someone tossing bucketfuls of water overboard?

    :p


    another masterpiece of tutorial authorship,
    with circles and arrows and a paragraph on the back of each one :D
    only have time to skim it this morning but expect it to be up to your normal high standards :)

    Thanks

    hey when are you going to do a Snort Guide?
    just so I dont have to crank up any grey matter with legal drugs
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Re: Group Policies - Comprehensive Guide

    Hello,

    Thanks for the comments and praises.

    Snort is somewhere on the to-do list. There's Ruby, R, S languages, LaTeX, scientific computation, java development + OOD, getting a Novell Certified Profesional badge, plus full time job and wife, really got my hands busy...

    BTW, I'm confused. The inability to see horn's post + the curious attitude of the article you linked to gives me a feeling of slight disorientation. And I might as well be catching a flu ... Go easy with me, lads.

    Mrk
     
  13. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Re: Group Policies - Comprehensive Guide

    This is what horn meant to link to:

    https://www.wilderssecurity.com/showthread.php?t=160899
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Re: Group Policies - Comprehensive Guide

    Hello,
    Did you try the tips in the link I posted, using gpmc?
    As to .NET, I have 1.1 and it works fine.
    Mrk
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Re: Group Policies - Comprehensive Guide

    Hello,
    Changed name from Comprehensive guide to Beginners' guide.
    Mrk
     
  16. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Very nice, I have since bookmarked this page.

    I have used Group Policies before, but as you said...sometimes they can be confusing.

    Nice Job! :thumb:
     
  17. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Excellent piece of work Mrkvonic.
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Nice tutorial ;)
    I am a beginner to Group Polices so this comes handy :thumb:
     
  19. horn

    horn Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    97
    Hello Mrk,
    I suppose you've seen my thread in meantime.My problem is:
    "In my Event Viewer appears Error
    Source: Userenv
    Event ID: 1085
    User: NT AUTHORITY/SYSTEM
    Description:The Group Policy client-side extension Internet Explorer Zonemapping failed to execute."
    I've install GPMC and NET.Framework.1.1, but now need your tutorial how to proceed, please.
     
  20. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    horn a few quick searches points me to here as a possible starting point
    How to enable user environment debug logging in retail builds of Windows

    which would get you a log like this
    http://64.233.167.104/search?q=cach...Explorer Zonemapping&hl=en&gl=us&ct=clnk&cd=2

    from there you might be able to narrow it down some more

    might also want to try Microsoft Windows Group Policy Guide eBook (pdf)
    if you download that you'll see why nickr's comment and Mrkvonic's change of title were appropriate ;)

    Good Luck

    You can find anything on the internet :p
    (but delete the link if you must)

    song, album, & later a movie ;)
     
    Last edited: Jan 12, 2007
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,694
    Hello,

    horn, I haven't forgotten you, I've been trying to figure it out. So far, I do not have any smart answers. I'll keep investigating.

    Ice, one of your legal drugs would not be out of place now.

    Mrk
     
  22. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    Im always much more coherent after the first 64oz's of caffeine :p

    horn I'll see what I can dredge up this afternoon or evening ;)
     
  23. horn

    horn Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    97
    Great .I'll wait to hear from you good news.Since now all my attempts to fix this
    failed.
    At the end discovered , GPMC what installed can not be used in my PC because is configured as "WORKGROUP"- and should be as a DOMAIN.
    I am not sure when this error start to appear - after some Windows Update, or IE7 installation , or KIS 6- who knows, and by the way with this ID 1085 I have one error plus- ID 3102, both of them in Applications.They are new ones.
    I System I have NetBT.error ID:4311, but according MS this one can be ignored.This one is 5-6 months old and can be fixed only with Hotfix from MS, which I ask but newer received.
     
  24. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    Workgroup vs Domain
    but even as a workgroup you can employ start > run > (type) gpedit.msc ;)

    and as far as NetBIOS goes Id shut that down anyway if you dont have legacy OSs on your network (Win9X ect) you dont need or want it
     
  25. horn

    horn Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    97
    Right, no probs.
    I have dual boot ,besides XP Pro I have Win 98 SE on other partition ,on the same HD, so I'll keep NetBIOS as it is.
     
Loading...
Thread Status:
Not open for further replies.