Scribd
Upload
25 views3 pages

5 GRP Policies

Uploaded by

lake lacosero
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
25 views3 pages

5 GRP Policies

Uploaded by

lake lacosero
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Emmanuel John Cardeño

BIT41

5 Group policies for the computer windows domain

 Preventing windows from storing LAN Manager Hash


Windows generates both NT and LM hash passwords and stores them to the SAM(Security
Accounts Manager or AD(Active Directory). Since they are weak and easy to hack, we should
prevent LM hash of your passwords.

First step is to go Computer configuration – Windows Settings – Security settings – Local policies
and Security options. Second step is checking the right pane and click Network policy: Do not
store Lan Manager value on next password policy. Last step is Check define this policy settings,
enabled it, apply and click ok.

 Turning Off One Drive


OneDrive can sync directly to folders in File Explorer. If a company suddenly sends everyone
home to work, users are going to set themselves up with what they need. If an intranet like
SharePoint is not used frequently then users will use what they have on hand, OneDrive.

First step is go to Computer Configuration – Administrative Templates – Windows Component –


One Drive in group policy management editor. Second step is to click the Prevent the usage of
One Drive for file storage. Last step is enabled it, Apply and click ok.

 Set Minimum Password Length to Higher Limits


Always create strong password at least 15 characters to prevent hacking, vulnerabilities and
other attacks. You can also change password lengths.

First step is go to Computer configuration – Windows settings – Security settings – Account


policies – password policy in in group policy management editor. Last step is click Minimum
password length policy and check define this policy setting. Choose your password length, click
apply and ok.

 Disable Anonymous SID enumeration


Active Directory stores the account SID in the object SID property to a user or group. These
contains information to the important users and groups. The data will be easily hacked and sees
all of their information. This feature must remained disabled.

First step is go to Computer configuration – Policies – Windows settings – Security Settings –


Local Policies – Security Options in in group policy management editor. Last step is click Network
Access and check Do not allow anonymous enumeration of SAM accounts and shares policy
setting. Click apply and ok.
 Turning off forced restarts on your servers
We always update in windows update to ensure that windows are in latest version and updating
drivers and devices which pushes you to restart all the time. Some users forgot or turn off their
computers and when the restart starts, it can lose your files and works on your documents.

First step is go to Computer configuration – Administrative Templates – Windows Component –


Windows update in in group policy management editor. Last step is click “No restart with logged
users for scheduled automatic updates installations” policy. Last step is click enabled, apply and
ok.

5 Group policies for the users windows domain

 Do not allow removable media devices


USB, floppy disk, hard disk, and SD cards are dangerous to your system. They will cause worms,
trojans, scripts, keylogger, and malware. You can disable them in the settings.

First step is to go User configuration – Policies – Administrative Templates – System –


Removable Storage Access. Last step is to click All removable storage classes: Deny all accesses
policy, enabled it, apply and click ok.

 Make sure access to command prompt is restricted


Although command prompt is useful to system administrators but when using it in a wrong way,
it will affect and damage to our networks.

First step is to go User configuration – Windows settings – Policies – Administrative Templates –


System. Last step is to click prevent access to command prompt policy, enable it, apply, and click
ok.

 Limit access to the Control Panel in windows


It is important to limit access to the control panel even if the user is not administrator on
windows to prevent harms from network and security.

First step is go to User configuration – Administrative Templates – Control Panel. Last step is to
click “Prohibit access to control panel and pc settings, enable it, apply and click ok.

 Preventing deleting files and web content on active desktop


It is important to prevent deleting important files and web content to ensure that your files are
there.

First step is go to User Configuration – Administrative Templates – Desktop. Last step is to click
prohibit deleting items policy, enable it , apply, and click ok.
 Prohibit users to access LAN connections
This is common because users can take action to these LAN connections and apply attacks and
vulnerabilities.

First step is to go User Configuration – Administrative Templates – Network – Network


Connection. Last step is to click Prohibit access to properties of a LAN connection, enabled it,
apply and click ok.

You might also like