Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management

OUHSC Group Policy Objects - OUHSC Information Technology

advertisement 
OUHSC Information Security Update
IT, Information Security Services
Randy Moore
Mike Waller
Nathan Gibson
Greg Bostic
Security Project Update (the three Ps)
• Policy baseline completed
– See http://it.ouhsc.edu/policies/
• Perimeter firewall management project complete
–
–
–
–
All externally accessible servers registered in db
Firewall rules updated with db
Servers scanned and vulnerabilities mitigated
https://www.ouhsc.edu/acl/admin23/allacl.cfm
• Private IPs for hosts on new network
Security Personnel Update
•
•
•
•
Kenneth Reed: moved to Engineering
Nathan Gibson: moving on risk assessments
Mike Waller is moving on to Charlotte
Greg Bostic is moving into security
New Projects
•
•
•
•
Payment Card Industry Data Security Standard
Risk Assessments
Security policy implementation
Active Directory Baseline Security Configuration
OUHSC Group Policy Objects
Purpose
•
•
•
•
•
Compliance
Security
Ease administrative overhead
High level Polices Only
Tier 1s can still apply organizational preferred
settings
• User “buy-in”
Time Line
• 4 Week Implementation Life Cycle
– Week 1: IT will create and test the AD GP settings.
– Week 2-4: Tier 1s will apply and test each GP to their
respective AD Organizational Unit (OU) and present
feedback to IT. For settings that present a change for
their end-users Tier 1’s should communicate those
changes in advance to their user community. IT will
assist in developing appropriate communications.
– Week 5: IT will evaluate any feedback given and make
necessary modification before applying the settings at
the campus wide level.
Time Line(cont)
• 20 Settings
– Will be separate into 4 separate groups containing at most 3
sets of related settings to limit impact.
Example:
Time Line (cont)
Group 1:
Setting 1: – Network access: Allow anonymous SID/Name translation – Disabled
– Network access: Do not allow anonymous enumeration of SAM
accounts – Enabled
– Network access: Do not allow anonymous enumeration of SAM
accounts and shares –Enabled
– Network access: Let Everyone permissions apply to anonymous users
– Disabled
Setting 2 :
– Add workstations to domain
Account-Creators)
(Added Groups: OUHSC\Domain Admins, OUHSC\Computer-
Setting 3:
–
Turn on the auto-complete feature for user names and passwords on forms – DISABLED
IT Responsibilities
• Create GPOs and configure settings
• Assist Tier 1s in communicating GPO results to users
• Receive feedback from Tier 1s and assist in resolving
problems
• Apply GPO settings at the Domain level after testing
phase
Tier 1 Responsibilities
• Advise Users
• Apply GPOs to Active Directory Organization Units
• Give feedback to IT-OPS and IT-ISS
GPO Review
• Group Policy Objects:
1. Allows you to configure baseline settings to ensure all
resources have them same settings
2. Ease the administrative overhead in applying and
modifying end user device and servers.
3. “One-Stop-Shop” for demonstrating policy compliance
GPO Review (cont)
• Applying Group Policy Objects
1. Use MS built in Group Policy Management Console
(gpmc.msc)
1. Start > Run > gpmc.msc
GPO Review (cont)
• Applying Group Policy Objects
1. Use MS built in Group Policy Management Console
(gpmc.msc)
a. Start > Run > gpmc.msc
2. Apply GPOs to your Workstations OU.
GPO Review (cont)
• Applying Group Policy Objects
1. Use MS built in Group Policy Management Console
(gpmc.msc)
a. Start > Run > gpmc.msc
2. Apply GPOs to your Workstations OU
3. To apply the GPOs you right click on your OU and choose
“Link an existing GPO”
GPO Review (cont)
• Applying Group Policy Objects
1. Use MS built in Group Policy Management Console
(gpmc.msc)
a. Start > Run > gpmc.msc
2. Apply GPOs to your Workstations OU
3. To apply the GPOs you right click on your OU and choose
“Link an existing GPO”
4. All GPOs that are in this project will have a common
naming convention
GPO Review (cont)
• Applying Group Policy Objects
4. All GPOs that are in this project will have a common
naming convention
5. Choose the GPO you would like to link and repeat the
steps 2- 5 for each GPO you would like to apply there
after.
House Cleaning Help
• Clean up Computers OU
• Standardize GPO naming scheme
–
–
–
–
HSC-Dept-XXXX
Delete Old GPOs
Combine GPOs If possible
Remove GPOs with settings applies at higher lever
House Cleaning Help (cont)
Let’s Talk
Questions &
Concerns
???
Related documents
Group Policy Class Notes
Group Policy Class Notes
MCSE AND SYSTEM ADMINISTRATOR JOB INTERVIEW
MCSE AND SYSTEM ADMINISTRATOR JOB INTERVIEW
Group Policies
Group Policies
Deployment Assistance Programme
Deployment Assistance Programme
Svr2012InstallWeek04
Svr2012InstallWeek04
GPO Training Program Application
GPO Training Program Application
OUHSC Group Policy Objects - OUHSC Information Technology
OUHSC Group Policy Objects - OUHSC Information Technology
Group Policies
Group Policies
Module 6: Creating and Configuring Group Policy
Module 6: Creating and Configuring Group Policy
Group Policy: Notes from the Field - Tips, Tricks, and Troubleshooting
Group Policy: Notes from the Field - Tips, Tricks, and Troubleshooting
Lab 19 Configuring group policy Processing
Lab 19 Configuring group policy Processing
Module5
Module5
Download
advertisement