In this chapter, you will learn how to
\ue000Configure User and Computer Security settings Group Policy
\u2022Configure an audit policy
\u2022Deploy software through Group Policy
\u2022Troubleshoot issues related to Group Policy application and deployment
Once you have the basics down about Group Policy behavior, Security settings and Soft- ware settings are just two more examples of the capabilities that a Group Policy can be set to manage. If it sounds simple, stay tuned. There\u2019s still quite a bit to learn about im- plementing both of these technologies. Each requires specialized knowledge that you\u2019re sure to encounter on the 70-294 exam.
This chapter will help you use Group Policy Objects to configure a system\u2019s Security set- tings, as well as to deploy and manage software. The software managed with Group Policy can be made available to both users and computers in the Active Directory enterprise.
In Chapter 22, we examined several ways that Group Policies could manage the com- puting environment. Yet another example of the settings a Group Policy can be used for include the Security settings. Several areas of the computing environment can be se- cured with Group Policy\u2019s many settings. You access the security areas from the Win- dows Settings folder in each of the User Configuration and Computer Configuration nodes, as shown in Figure 23-1.
\u2022Local PoliciesThese settings are based on the computer you are logged on
to, and they affect the abilities a user has over that system. The Local Policies
settings include Audit Policies, User Rights Assignments, and Security Options.
\u2022Event LogThese settings define the properties of the Application, Security, and System logs in the Event Viewer, along with access rights to each log file and retention settings.
environments, would be added to groups and then never removed. This also
applied to former administrators: the person would leave the company, but the
account would remain, leaving a security hazard to the domain. With Restricted
Groups, you can control the membership of groups like Administrators, Power
Users, Print Operators, and Domain Admins through Group Policy settings.
Configuring Restricted Groups ensures the group memberships are set as
specified by the editor of the Group Policy and are not subject to change.
\u2022System ServicesThese settings are used to configure the startup behavior of services running on a computer. The configurable startup settings include Automatic, Manual, and Disabled. They also define which user accounts will have permission to read, write, delete, start, stop, or execute the service.
\u2022File SystemThese settings are employed to configure security on specific
file paths. The Access Control List (ACL) to a file or folder is set through
a Group Policy.
\u2022Wireless Network PoliciesThese settings allow you to create and manage
wireless network policies. A wizard interface will help you create each policy.
They can be used to define which wireless networks a system can communicate
\u2022Software Restriction PoliciesThese policies let you manage which software
can run on a particular computer. This can be an important security level if
you are worried about users downloading and running untrusted software in
your network. For example, you can use these policies to block certain file type
attachments from running in your e-mail program. Software Restriction Policies
settings are set by first configuring a default security level of Unrestricted, which
allows all programs to run within the context of the user currently logged on, or
Disallowed, which does not allow programs to run. You then set up rules that
provide exceptions to default security level. These rules can be based on hash
algorithms or certificates, both of which are used to uniquely identify software.
Other rules include path rules, which potentially let users use software if it is
located in a specific directory or registry path, or Internet Zone rules, which
identify software from a certain zone specified through Internet Explorer.
can use this area to set encryption rules for inbound and outbound traffic, and also specify particular networks or individual computers with which your system can communicate. Much like the Software Restriction Policies settings, IP Security Policies settings are exception-based, configured by either accepting or rejecting traffic based on a set of conditions. The different permutations of IP Security
As you can see, hundreds of settings can affect the security of a system or a network. Memorizing all of these settings is impossible and would not be helpful for purposes of the exam. However, you still need to be familiar with some of the configurable settings. Each of the Security settings could have several pages or even entire chapters of material explaining the various purposes of the settings here. Covering each of them in exhaus- tive detail is outside the scope of this book.
Now bringing you back...
Does that email address look wrong? Try again with a different email.