Group Policy

Question 1

Group Policy Container

Answer 1

Lives in AD, and can access through ADUC. Used to store properties of GPOs. Contains sub-containers for users and computers.

Question 2

Group Policy Template

Answer 2

contains all info, and policy settings of each GPO. Lives in the Sysvol. Find content of GP itself.

Question 3

GP Container Location

Answer 3

View advanced features in ADUC. System/Policies.

Check attribute editor for display name of the GUID policy.

or

Windows Run command.

\company.pri\sysvol\company.pri

Question 4

Group Policy Object

Answer 4

comprised of computer config and user config.

Question 5

GP Computer Config

Answer 5

Used to manage settings for the computer. Associated with the HKEY localusers hive.

Question 6

GP User Config

Answer 6

Things associated with users and the profiles. HKEYCurrent Users in the registry.

Question 7

OU Organization

Answer 7

Separate OUs that contain computer objects, and thos that contain user objects specialized for GP.

Question 8

GPME

Answer 8

Group Policy Management Editor.

Question 9

Group Policy Precedence

Answer 9

• Local
• Site
• Domain
• Organization Unit - Last Writer. This will over right anything above.

Question 10

Configure a Central Store

Answer 10

.ADM provided list of possible questions for a GPO’s settings.

.ADMX took all of the content that was in the ADM files and put it into XML to shrink the size of files. Reference happens through a GP central store that exists in the sysvol. Content exists on DC at c:\windows\Policy Definitions.

ADML human readable language for the ADMX files. Same location. In the folder of en-US.

Copy to domain sysvol in order to obtain the central store in other DCs.

Question 11

Starter GPOs

Answer 11

Create GPO templates.

Question 12

Get-GPO

Answer 12

Gets the GPO information

Question 13

Backup-GPO

Answer 13

Backs up one GPO

Question 14

Copy-GPO

Answer 14

Copies a GPO

Question 15

Get-GPOReport

Answer 15

Generates a report for GPO.

Question 16

Import-GPO

Answer 16

Imports GPO

Question 17

Where GPO exist

Answer 17

Group Policy Objects container within the GPM tree.

Question 18

WMI Filters

Answer 18

Take characteristics of users and computers and you can use those as mechanisms to apply group policy.

Question 19

MLGPO

Answer 19

Multiple Local Group Policy Objects. Kiosk systems. Extremely locked down machines. Non Domain joined systems. The precedence order goes as folllows:

• Local GPO - local user and computer.
• Administrator vs. Non-Admin.
• Individual Users. (Last Writer Wins)

Question 20

Group Policy Object Editor

Answer 20

Specific to the local machine group policy.

Question 21

Disable local built-in admin and replace with “localadmin” user.

Answer 21

• Create new GPO in appropriate OU.
• Edit in the GPME.
• Policies/Windows Settings/Security/Restricted Groups

Or use GP Preferences:

• Control Panel settings/ Local Users and groups.
• Choose new Local user “localadmin”

Question 22

Add IT Group to Administrators

Answer 22

• Go to control panel settings/local users and groups
• Choose new Local group
• Create New Local group as “Administrators”
• Add appropriate members
• Select a variable to add local admins into group. I.E.(%ComputerName%\localadmin)

Question 23

Grant IT Backups group rights to perform remote backups

Answer 23

• Go to GPME
• Policies/Windows Settings/Security Settings/Local Policies/User Rights Assignment
• Add appropriate group to “back up files and directories”
• Add appropriate group to “Access this computer from the network” to allow backups remotely.

Question 24

Enforce machine lock after 15 minutes of inactivity, and display user information once session is locked

Answer 24

• GPME. /Policies/Windows Settings/Security Settings/Local Policies/Security Options
• Choose Interactive Logon: Machine inactivity limit
• Choose Seconds parameter.
• Then Choose Interactive Logon: Display User information when the session is locked.

Question 25

Audit logon and account logon failure events

Answer 25

-GPME. /Policies/Windows Settings/Security Settings/Local Policies/Audit Policy Configure the granular audit policies instead of general listed above. - Then check in the same directory for /Advanced Audit Policy Configuration/Audit Policies/Account Logon - Then choose in the same directory /Logon/Logoff and choose the failure to report on.

Question 26

Audit removable storage

Answer 26

- GPME. /Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Object Access/Audit removable storage. - Audit event on success and failure. Ensure to force audit policy subcategory settings within the security options under "local Policies" in the GPME.

Question 27

Enforce UAC for admins and remote OTS elevation prompt (access denied for non admins)

Answer 27

- GPME. /Policies/windows settings/security settings/Local Policies/Security Options/User Account Control: Behavior of the elevation prompt for administrators in admin approval mode. - Choose Prompt for consent on the secure desktop. - Go tp /UAC: behavior of the elevation prompt for standard users. - Choose automatically deny users.

Question 28

Disable UAC for software installations.

Answer 28

-GPME. /policies/Windows Settings/Security Settings/Local Policies/ Security Options/ UAC: Detect application installations and prompt for elevation.

Question 29

Get Audit Policy in CLI

Answer 29

auditpol /get /category:*

Question 30

Get Audit Policy in CLI

Answer 30

auditpol /get /category:*

Question 31

Configure Security Templates

Answer 31

Export the security policy into an .inf file format. You can import a file that doesn't have AD. Open an MMC, and add in the "Security Templates" & "Security Configuration". View contents of the .inf file you created. Open the template in a database. Then analyze the computer in relation to the template.

Question 32

Blacklisting

Answer 32

anti-malware solution. "I don't want this code to execute on my systems." Requires constant updating.

Question 33

Whitelisting

Answer 33

identify what is allowed.

Question 34

SRP

Answer 34

Software Restriction Policies. - introduced with Windows 2003. - Supported on all OS Versions. - Scoped to all users. - File hash, path, certificate, registry, path, and internet zone rules - Blacklisting and whitelisting - Always enforcing

Question 35

AppLocker

Answer 35

- Introduced with Windows 7/2008r2 - Requires windows 7/8 enterprise or Windows Server STD/ENT/Datacenter - Scoped to specific users or groups. - File hash, path, and publisher rules. - Whitelisting only. - Enforcing or merely auditing.

Question 36

SRP Location

Answer 36

GPME. /Policies/Windows settings/Security Settings/Software Restriction Policies. Define Security Levels. "Disallowed, Basic User, Unrestricted" Identify Additional Rules.

Question 37

Certificate Rule in Defining SRP

Answer 37

Allows you to identify the certificate that is used to sign the app or exe. Fairly unlikely you would have the cert that "Intuit" would use for their app.

Question 38

Hash Rule for Defining SRP

Answer 38

Provide a mechanism to hash the file digitally that corresponds with the code in the file. Long list of numbers. Hash Rule can be nice if you know every exe that is going to run.

Question 39

Path Rule for Defining SRP

Answer 39

You identify a path that any content in that location is allowed to run. Any EXE can run in the folder. A user could just add in that location. It could create some other problems.

Question 40

Network Zone Rule for defining SRP

Answer 40

in IE you can determine network zones. You can determine which zone to classify. For example, 'Internet', 'Local Computer', 'Local Intranet', ' Restricted sites', 'Trusted Sites.'

Question 41

AppLocker Policies

Answer 41

GPME. /Policies/Windows Settings/Security Settings/Application Control Policies/AppLocker - Executable rules - Windows Installer rules - Script Rules - Packaged app Rules. Enforce or audit only.

Question 42

Auto Create Applocker Rules

Answer 42

Right Click on Rule. Click Automatically generate rules. . Choose directory to scan executable files. Then choose publisher rules for files that are digitally signed.

Question 43

Deploy AppLocker

Answer 43

Enable Application identity service. Add GPO into appropriate OU. Then Link it to the OU of test machines.