Assingment 8 - Group Policy Flashcards
- What is the purpose of using Group Policy?
Group Policy is used to restrict or allow access to Windows components. They can be applied to computers or users. Common policy settings include access to applications or settings in Windows, setting password and firewall options, and configuring audit policies for monitoring.
- What are some commonly used policy categories?
Some common policy categories include Account Policies, Local Policies/Audit Policy, Local Policies/User Rights Assignment, Local Policies/Security Options, Software Restriction Policies, Administrative Templates, Starter Group Policy Objects.
- What are some common components of a Group Policy Object (GPO)?
Common components of a GPO include registry settings, scripts, templates, software-specific configuration values.
- What is the difference between a Local Group Policy versus a Domain Group Policy?
A Local Group Policy is used to control security settings and other restrictions on a computer that is not part of a domain.
A Domain Group Policy is used to control security settings and other restrictions on computers and users that are part of a domain. Domain policy settings will override local policy settings if the policy setting is defined in both places.
- What can GPOs be linked to?
GPOs are linked to
Active Directory sites,
domains,
organizational units (OUs).
The built-in containers cannot have GPOs linked to them.
- What are the three general settings for any group policy item?
For most group policy items, they can be either
Not Configured,
Enabled, or
Disabled.
- What two broad categories are the GPO settings divided into?
Two broad categories for GPO settings are
computer configuration
user configuration settings.
- When do the Computer policy settings get applied?
Computer policy settings are applied during the boot up of the computer.
Any changes to computer policy require a reboot of the machine that the policy has been applied to.
- When do the User policy settings get applied?
User policy settings are applied when the user logs into the system. Any changes to user policies require the user to log off and back on again to take effect.
- How are Group Policies processed if more than one is applied to a container?
Group policies are processed from the bottom up if more than one policy is applied. The GPO that is linked the highest takes precedence.
- What is ‘Blocking Inheritance’?
Blocking Inheritance prevents settings in all GPOs linked to parent objects from being applied to child objects.
- What is the implication of setting a linked GPO to ‘Enforced’?
Enforcing a linked GPO prevents inheritance from being blocked. Enforced GPOs are applied last and override other GPO settings.
- What is the purpose of a Password Policy?
This policy is used to set password characteristics that are enforced by the system.
- What are some of the Account Lockout and Password Policy settings that can be configured?
Password length – minimum length
Password age – before it must be changed
Password complexity – use characters other than just letters and numbers
Enforcing Password History – require unique passwords that cannot be reused
Account Lockout settings – used to determine how long an account is locked if a number of failed logon attempts are made.
- What are some strategies for protecting against password attacks?
Do not use the same password for different systems.
Accounts should be disabled or locked if a number of failed attempts are made.
Passwords should never contain words, slang, or acronyms
Users should be required to change their passwords within a regular time interval.
Use strong passwords of minimum 8 characters with no part of the username or e-mail address.
- What are some restrictions that should be enforced with respect to passwords within an organization?
The same password should never be used for different systems.
Accounts should be disabled or locked out after a specified number of failed login attempts.
Passwords should never contain words, slang, or acronyms.
Users should be required to change their passwords within a certain time frame.
A strong password policy should be enforced.
- What is the purpose of auditing?
Auditing is used to monitor system events or system changes that have occurred within the Domain.
- What are two general audit events that can be logged?
Audit Success or Failure events are recorded.
- What are the nine basic audit policy categories that can be configured through Group Policy?
Account Logon – tracks when a user logs onto the domain
Account Management – tracks changes to user accounts
Directory Service Access – tracks changes to Active Directory objects
Logon – tracks when a user logs onto the local system.
Object Access – tracks access to files, folders, and printers
Policy Change – tracks changes to policy changes for user rights, trust relationships, and audit policies.
Privilege Use – tracks when a user exercises a right or an administrator takes ownership of a file
Process Tracking – tracks actions taken by applications
System – tracks system shutdown, restart, or the starting of system services.
- What is the disadvantage of using Audit Policies?
Auditing uses up system resources and need to be monitored by the administrators.
- What is the difference between user permissions and user rights?
Permissions are the ability to use objects such as files, folders, and printers.
Rights are the ability to perform actions on the computer such as log on, shutdown, and backup.
- What are some of the User Rights Assignment policies that can be used to manage what users are allowed and not allowed to do on a system where the policies are applied?
Access to a computer from the network. Add workstations to the domain Allow local login Allow remote desktop login Back up files and directories Change system time Force shutdown from a remote system Load and unload device drivers Manage auditing and security log Perform volume maintenance tasks Shut down the system Take ownership of files or other objects
- What four security group options categories can be configured with group policy?
Accounts – disable or enable built in accounts like Administrator and Guest
Devices – prevent users from installing printing devices, CDROM access, and removable media
Interactive Logon – disable or enable how the user logs in or out of the system and what information is displayed about user accounts.
Network Security – secure network access such as force log off when logon hours expire.
- What is the function of the User Account Control (UAC) settings?
The UAC helps minimize the dangers of unwanted actions or unintended software installations.
Standard user and Administrator accounts have different levels of rights and privileges which are defined when a user logs in through an access token. The level of rights and permissions can be modified through UAC.
