Sign in with
Sign up | Sign in
Your question

General Group policy security question

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
May 23, 2005 2:29:32 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I am just sounding some info to see what responses I will receive. My
company is creating a separate secure network for a project. With an
emphasis on secure it’s my task to create the ad infrastructure. I know the
basics to lock down an ad environment (have been doing this for a few years)
What I wanted to know is there anyone out there that has something similar
and can share some experiences, especially working with group policy. The
server will be 2003 and the workstations will be xp. Is there anything you
guys think I should consider or just pay special attention to?
Anonymous
a b 8 Security
May 24, 2005 3:25:39 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

One important thing to note is that if the network has to be really secure
it has to be a separate forest and not just a separate domain within the
same forest.

From the Group Policy side, some good reading for you will be the Threats &
Countermeasures guide which include a bunch of extra GPO settings from MSS
that can tighten your DC builds.

Also be sure to configure the 'wait for network' settings so policy can't be
bypassed by pulling out the network cable just after logon!

http://www.microsoft.com/downloads/details.aspx?FamilyI...

"Angryblack" <Angryblack@discussions.microsoft.com> wrote in message
news:CCD72719-F88C-439A-8172-95343E8EBCFB@microsoft.com...
>I am just sounding some info to see what responses I will receive. My
> company is creating a separate secure network for a project. With an
> emphasis on secure it's my task to create the ad infrastructure. I know
> the
> basics to lock down an ad environment (have been doing this for a few
> years)
> What I wanted to know is there anyone out there that has something similar
> and can share some experiences, especially working with group policy. The
> server will be 2003 and the workstations will be xp. Is there anything
> you
> guys think I should consider or just pay special attention to?
!