Group Policy Flashcards Preview

MCSA - Windows server 2012 R2 > Group Policy > Flashcards

Flashcards in Group Policy Deck (43)
Loading flashcards...
1
Q

Group Policy Container

A

Lives in AD, and can access through ADUC. Used to store properties of GPOs. Contains sub-containers for users and computers.

2
Q

Group Policy Template

A

contains all info, and policy settings of each GPO. Lives in the Sysvol. Find content of GP itself.

3
Q

GP Container Location

A

View advanced features in ADUC. System/Policies.

Check attribute editor for display name of the GUID policy.

or

Windows Run command.

\company.pri\sysvol\company.pri

4
Q

Group Policy Object

A

comprised of computer config and user config.

5
Q

GP Computer Config

A

Used to manage settings for the computer. Associated with the HKEY localusers hive.

6
Q

GP User Config

A

Things associated with users and the profiles. HKEYCurrent Users in the registry.

7
Q

OU Organization

A

Separate OUs that contain computer objects, and thos that contain user objects specialized for GP.

8
Q

GPME

A

Group Policy Management Editor.

9
Q

Group Policy Precedence

A
  • Local
  • Site
  • Domain
  • Organization Unit - Last Writer. This will over right anything above.
10
Q

Configure a Central Store

A

.ADM provided list of possible questions for a GPO’s settings.

.ADMX took all of the content that was in the ADM files and put it into XML to shrink the size of files. Reference happens through a GP central store that exists in the sysvol. Content exists on DC at c:\windows\Policy Definitions.

ADML human readable language for the ADMX files. Same location. In the folder of en-US.

Copy to domain sysvol in order to obtain the central store in other DCs.

11
Q

Starter GPOs

A

Create GPO templates.

12
Q

Get-GPO

A

Gets the GPO information

13
Q

Backup-GPO

A

Backs up one GPO

14
Q

Copy-GPO

A

Copies a GPO

15
Q

Get-GPOReport

A

Generates a report for GPO.

16
Q

Import-GPO

A

Imports GPO

17
Q

Where GPO exist

A

Group Policy Objects container within the GPM tree.

18
Q

WMI Filters

A

Take characteristics of users and computers and you can use those as mechanisms to apply group policy.

19
Q

MLGPO

A

Multiple Local Group Policy Objects. Kiosk systems. Extremely locked down machines. Non Domain joined systems. The precedence order goes as folllows:

  • Local GPO - local user and computer.
  • Administrator vs. Non-Admin.
  • Individual Users. (Last Writer Wins)
20
Q

Group Policy Object Editor

A

Specific to the local machine group policy.

21
Q

Disable local built-in admin and replace with “localadmin” user.

A
  • Create new GPO in appropriate OU.
  • Edit in the GPME.
  • Policies/Windows Settings/Security/Restricted Groups

Or use GP Preferences:

  • Control Panel settings/ Local Users and groups.
  • Choose new Local user “localadmin”
22
Q

Add IT Group to Administrators

A
  • Go to control panel settings/local users and groups
  • Choose new Local group
  • Create New Local group as “Administrators”
  • Add appropriate members
  • Select a variable to add local admins into group. I.E.(%ComputerName%\localadmin)
23
Q

Grant IT Backups group rights to perform remote backups

A
  • Go to GPME
  • Policies/Windows Settings/Security Settings/Local Policies/User Rights Assignment
  • Add appropriate group to “back up files and directories”
  • Add appropriate group to “Access this computer from the network” to allow backups remotely.
24
Q

Enforce machine lock after 15 minutes of inactivity, and display user information once session is locked

A
  • GPME. /Policies/Windows Settings/Security Settings/Local Policies/Security Options
  • Choose Interactive Logon: Machine inactivity limit
  • Choose Seconds parameter.
  • Then Choose Interactive Logon: Display User information when the session is locked.
25
Q

Audit logon and account logon failure events

A

-GPME. /Policies/Windows Settings/Security Settings/Local Policies/Audit Policy

Configure the granular audit policies instead of general listed above.

  • Then check in the same directory for /Advanced Audit Policy Configuration/Audit Policies/Account Logon
  • Then choose in the same directory /Logon/Logoff and choose the failure to report on.
26
Q

Audit removable storage

A
  • GPME. /Policies/Windows Settings/Security Settings/Advanced Audit Policy Configuration/Object Access/Audit removable storage.
  • Audit event on success and failure.

Ensure to force audit policy subcategory settings within the security options under “local Policies” in the GPME.

27
Q

Enforce UAC for admins and remote OTS elevation prompt (access denied for non admins)

A
  • GPME. /Policies/windows settings/security settings/Local Policies/Security Options/User Account Control: Behavior of the elevation prompt for administrators in admin approval mode.
  • Choose Prompt for consent on the secure desktop.
  • Go tp /UAC: behavior of the elevation prompt for standard users.
  • Choose automatically deny users.
28
Q

Disable UAC for software installations.

A

-GPME. /policies/Windows Settings/Security Settings/Local Policies/ Security Options/ UAC: Detect application installations and prompt for elevation.

29
Q

Get Audit Policy in CLI

A

auditpol /get /category:*

30
Q

Get Audit Policy in CLI

A

auditpol /get /category:*

31
Q

Configure Security Templates

A

Export the security policy into an .inf file format. You can import a file that doesn’t have AD. Open an MMC, and add in the “Security Templates” & “Security Configuration”. View contents of the .inf file you created. Open the template in a database. Then analyze the computer in relation to the template.

32
Q

Blacklisting

A

anti-malware solution. “I don’t want this code to execute on my systems.” Requires constant updating.

33
Q

Whitelisting

A

identify what is allowed.

34
Q

SRP

A

Software Restriction Policies.

  • introduced with Windows 2003.
  • Supported on all OS Versions.
  • Scoped to all users.
  • File hash, path, certificate, registry, path, and internet zone rules
  • Blacklisting and whitelisting
  • Always enforcing
35
Q

AppLocker

A
  • Introduced with Windows 7/2008r2
  • Requires windows 7/8 enterprise or Windows Server STD/ENT/Datacenter
  • Scoped to specific users or groups.
  • File hash, path, and publisher rules.
  • Whitelisting only.
  • Enforcing or merely auditing.
36
Q

SRP Location

A

GPME. /Policies/Windows settings/Security Settings/Software Restriction Policies.

Define Security Levels. “Disallowed, Basic User, Unrestricted”

Identify Additional Rules.

37
Q

Certificate Rule in Defining SRP

A

Allows you to identify the certificate that is used to sign the app or exe.

Fairly unlikely you would have the cert that “Intuit” would use for their app.

38
Q

Hash Rule for Defining SRP

A

Provide a mechanism to hash the file digitally that corresponds with the code in the file. Long list of numbers.

Hash Rule can be nice if you know every exe that is going to run.

39
Q

Path Rule for Defining SRP

A

You identify a path that any content in that location is allowed to run. Any EXE can run in the folder.

A user could just add in that location. It could create some other problems.

40
Q

Network Zone Rule for defining SRP

A

in IE you can determine network zones. You can determine which zone to classify. For example, ‘Internet’, ‘Local Computer’, ‘Local Intranet’, ‘ Restricted sites’, ‘Trusted Sites.’

41
Q

AppLocker Policies

A

GPME. /Policies/Windows Settings/Security Settings/Application Control Policies/AppLocker

  • Executable rules
  • Windows Installer rules
  • Script Rules
  • Packaged app Rules.

Enforce or audit only.

42
Q

Auto Create Applocker Rules

A

Right Click on Rule. Click Automatically generate rules. . Choose directory to scan executable files. Then choose publisher rules for files that are digitally signed.

43
Q

Deploy AppLocker

A

Enable Application identity service. Add GPO into appropriate OU. Then Link it to the OU of test machines.