Gayblack Canadian Man

Foreign Policy Analysis
Group Policy – CompTIA Security+ SY0-401: 5.3

Group Policy – CompTIA Security+ SY0-401: 5.3


If you’re administering a
lot of different systems, then you’ve probably run into
the scenario where you’ve needed to manage or change one
particular feature or setting on many different devices. And instead of going
from one device to another to
another individually, in the Windows world we
do this with something called group policy. This group policy
management allows you to select different
capabilities of the system and be able to
manage or set those across entire groups or
even your entire network and every computer within it. There are literally thousands
of configuration settings within Windows, and group policy
allows you to easily administer that from one
separate application. This is something
that’s a little bit different than setting
permissions to an NTFS folder or a share
that’s on the network. Those are very specific
to gaining access to data. The Group Policy
settings allow you to change how the
system is configured. Here are some good
examples of user rights assignments within group policy. If you wanted to allow
or not allow someone to change the system
time, you can do that within group policy. You can allow or
not allow someone to change the time zone. You can adjust memory
quotas for a process or allow or disallow someone
from logging on locally. As I mentioned,
there are thousands of these that you
can choose from, and that gives the administrator
of these systems a lot of control. This is a capability
that is generally linked to Active Directory. When you have devices
that are authenticated to one central directory
system in Windows, you can then manage
all of those devices. And you can even break
out these group policies by different areas of
the company or even different groups. If you wanted to set a
certain set of group policies for the marketing
department and have a different set for
shipping and receiving, you can do all of that from the
Group Policy Management editor. There are generally two
different areas in group policy that we would look at. One is the
administrative policies and the other one is
the security policies. In the administrative
policies, we would do things like
add or remove programs. Allow people to change
sounds or prohibit them from changing any of the sounds. Allow or disallow
font downloads. These are settings
that you can really tweak and modify to get exactly
the user experience that you would like, and to make sure
that the desktop environments that they’re using
are able to work without any type of problems. The security policies are
obviously much more focused on the security side of
the operating system. We can specify what a minimum
password length might be. We could require that someone
authenticate to a system and must use a smart card during
that authentication process. Or you can do things
like enforce certain log in restrictions on the user. As you can see,
you can spend a lot of time working on
these group policies. But you’re also able to
create a desktop that’s going to provide
accessibility for your users, and at the same time
keep everything secure.

Leave a Reply

Your email address will not be published. Required fields are marked *