Anyone a GPO wizard around here?

scoobs

looking for some advice / help on GPO

any wizards here?
 
Based on the detailed request I'm pretty certain somebody somewhere might be able to give some kind of answer
 
General Post Office?


Don't send valuables...
 
want to tighten up machine GPO policy, shared drive mapping etc
basically the network is a gaping hole and I want to start from the workstations up
 
Honestly. It is painful trying to garner information from you.

Sit down and put a list of holes you want to plug and come back to us.
 
What are you scared of specifically?

Or just general, I want to gpo my clients?
 
@Deadmanza sorry dude, ok let me make a list and I'll report back
 
You don't need a wizard. You need standards. Against these standards, you can then have measurables, exceptions and lock downs.

Example:
Standard workstation (not a laptop) = XYZ OS
Office Installation
C: & D: drive
USB ports disallowed
Must be domain joined
Auto-renew certificate authentication based on domain membership
etc.

Standard Laptop
OS = XYZ Operating system
Office & Powerpoint std install
C: Drive only
C: Drive encryption
USB allowed for modem use only
Must be domain joined
Requires user based certificate for wifi auth
Auto-renew certificate authentication based on domain membership

That's just off the top of my head on some example items you want to look at.

Next, what's your OU structure like?
Which settings are you going to put into which policies?
How are you going to identify Laptops vs Workstations vs Servers? (the wrong answer is WMI Query)
Do you have a system software auditing tool in place?
Do you have a software deployment tool in place? (Say GPO and I will throttle you)
Which parts of the many identified items that you want to look at are you going to run in the logon script vs GPO?
What is your Password policy set at and why?
Have you got a plan for what your administration model is going to look like? (workstation admins, Super Users, etc)

Be prepared, what you have planned to lock down is multi-phased. It requires a lockdown from the firewall, to IDS/IPS, NAC and most importantly, complete process-controlled object management in AD and requisite GPOs.
 
Shiz ok, like I said I'm almost done with my list then I will pop in and you guys tell me if it's going to work, thanks for the information, it's really helpful
 