Hardening Windows School: Group Policy design checklist for intermediate levels

The following is one of three checklists to accompany Jonathan Hassell's Hardening Windows School, a series of six 10-minute webcasts designed to help you quickly and correctly lock down Windows systems. Lesson #4, Planning a Group Policy implementation with security in mind, premieres Thursday, June 9. Click for the course outline.

With power comes complexity and Group Policy is no exception. Many hours of Windows administrators' lives have been squandered away troubleshooting Group Policy. Answers to questions like, "Why isn't this policy in effect on this system?" or "I thought I turned off IPsec!" can be difficult to track down if your Active Directory is full of Group Policy Objects (GPOs) that are applied inconsistently, redundantly and inappropriately.

The most difficult aspects of configuring Group Policy correctly are planning and laying out the policy settings. Windows takes care of the actual deployment to client computers, which is one feature that makes Group Policy a compelling management tool. But this ease of deployment is a double-edged sword. It is just as easy to misconfigure an access control list or change a setting and wreak utter havoc on your domain. Anybody who has played with the "req

Digg This!     StumbleUpon     Del.icio.us

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Even more difficult sometimes is getting the big picture: It is hard to see how your Active Directory layout and structure, which probably mimics your organization's hierarchical personnel structure, can co-exist with GPOs, which cross hierarchical boundaries and rely on other scopes of application. With careful planning, however, Group Policy can overlay your existing directory structure and complement it with its own management boundaries.

Try the following tips to keep your implementation in check. (Click here for the printable version.) [TABLE]

Windows Security Checklists offer you step-by-step advice for planning, setting up and hardening your Windows security infrastructure. E-mail the editor to suggest additional checklist topics.

More from Hardening Windows School

[TABLE]

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.