Re: General Group policy security question
- From: "Simon Geary" <simon_geary@xxxxxxxxxxx>
- Date: Mon, 23 May 2005 23:25:39 +0100
One important thing to note is that if the network has to be really secure
it has to be a separate forest and not just a separate domain within the
same forest.
>From the Group Policy side, some good reading for you will be the Threats &
Countermeasures guide which include a bunch of extra GPO settings from MSS
that can tighten your DC builds.
Also be sure to configure the 'wait for network' settings so policy can't be
bypassed by pulling out the network cable just after logon!
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B6ACF93-147A-4481-9346-F93A4081EEA8&displaylang=en
"Angryblack" <Angryblack@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CCD72719-F88C-439A-8172-95343E8EBCFB@xxxxxxxxxxxxxxxx
>I am just sounding some info to see what responses I will receive. My
> company is creating a separate secure network for a project. With an
> emphasis on secure it's my task to create the ad infrastructure. I know
> the
> basics to lock down an ad environment (have been doing this for a few
> years)
> What I wanted to know is there anyone out there that has something similar
> and can share some experiences, especially working with group policy. The
> server will be 2003 and the workstations will be xp. Is there anything
> you
> guys think I should consider or just pay special attention to?
.
- References:
- General Group policy security question
- From: Angryblack
- General Group policy security question
- Prev by Date: Re: GPO Creation oddity... please help
- Next by Date: Re: Slow link over VPN not updating GP settings
- Previous by thread: General Group policy security question
- Next by thread: Screen Saver
- Index(es):
Relevant Pages
|
Loading
