• Thursday, July 23, 2015

    10:06 PM 0
    How to create a group policy?

    1. Go to "Server Manager" --> "Tools" --> "Group Policy Management"



    2. Right click on Group Policy Object (GPO) and create a new GPO. 



    3. Right click on your newly created GPO and select edit to set a group policy


    How to apply a group policy?


    1.Right click where you need to apply policy on domain tree and select "Link existing GPO" to select the GPO


    01. Password Policy

    Password Policy is for change some attributes of domain users passwords to force users to apply good secure password to gain high security. Refer the following image to find the policy location.


    There are 5 attributes under password policy.
    Enforce password history – Determine the no of passwords, user account can use before it reuse its old password.
    Maximum Password age – Valid period for users’ current password. User need to renew the password after exceeding this value.
    Minimum Password age – Minimum days need to use password after changing it before change it again.
    Password must meet complexity requirements – Password should met following requirements.
    Not contain the user's account name or parts of the user's full name that exceed two consecutive characters.
    Be at least six characters in length.
    Contain characters from three of the following four categories:
    English uppercase characters (A through Z)
    English lowercase characters (a through z)
    Base 10 digits (0 through 9)
    Non-alphabetic characters (for example, !, $, #, %)
    Store passwords using reversible encryption - This security setting determines whether the operating system stores passwords using reversible encryption. This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. This is same as keeping password in plain text


    02. Account Lock Policy

    This policy prevents malicious user access by locking the user account for period of time after particular no of attempts of unsuccessful passwords. This will prevent attempts of burst force attacks.

    Account Lock Down Duration – Period of time account keep lock after unsuccessful attempts
    Account lockout threshold – No times user can try password before account get lock
    Reset account lockout counter after – Period of time need to reset, lock out counter to 0


    03. Rename Administrator Account

    This policy use to rename the local administrator accounts in domain computers. Keeping default local administrator account may vulnerable for attacks because everyone know the username.



    04. Guest account statues

    This policy is use to enable or disable local guest account. Accessing through a guest account will also reveal considerable amount of data about domain computer. So disabling it will increase the security level.


    05. All Removable Storage classes: Deny all access

    This policy will disable mounting all removable disks. This will prevent stealing sensitive data out from computer and virus attacks which come though removable disks.






    Continue reading
    Posted by at No comments: Edit