Group Policies

(OBJ .)

Group Policy

• A set of rules and policies that can be applied to users or computer accounts within an operating system

Accessing Group Policy Editor

• Access the Group Policy Editor by entering "gpedit" in the run prompt
• The local Group Policy Editor is used to create and manage policies within a Windows environment

Group Policies Overview

• Each policy acts as a security template applying rules such as
  • Password complexity requirements,
  • Account lockout policies
  • Software restrictions
  • Application restrictions
• In a Windows environment with an Active Directory domain controller, you have access to an advanced Group Policy Editor

Security Templates

• A group of policies that can be loaded through one procedure
• In corporate environments, create security templates with predefined rules based on administrative policies
• Security Template
  • A group of policies that can be loaded through the Group Policy Editor
• Group Policy Objective (GPO)
  • Used to harden the operating system and establish secure baselines

Baselining

• A process of measuring changes in the network, hardware, or software environment
• Helps establish what "normal" is for the organization
• Identifies abnormal or deviations for investigation

Group Policy Editor in Windows

• Access the Group Policy Editor by entering "gpedit" in the run prompt
• Create allow or block list rules for application control policies

Creating a Rule in Group Policy Editor

• Launch the Group Policy Editor
• Navigate to "Computer Configuration" > "Windows Settings" > "Security Settings" > "Application Control Policies" > "App Locker”
• Create an executable rule
• Choose to allow or deny
• Select who the rule applies to (e.g., everyone)
• Define the rule based on conditions like publisher, path, or file hash
• Specify the path to be blocked (e.g., the temp directory)
• Name the rule and provide a description
• Decide whether to create default rules (allow or deny) and save the policy
• Deploy the policy across the environment for system hardening

Rules in Group Policy Editor

• Allow Rules (Default)

  • Allow files in the "Program Files" directory to launch
  • Allow files in the "Windows" folder to launch
  • Allow administrators to launch any file

• Deny Rule (Custom)

  • Block all files from running in the "temp directory"

• By following these steps, you can establish a secure baseline for your Windows systems, improving overall security and policy management