![]() Have a formalized change management planįinally, it's important to have a formalized change management plan for group policy settings. The Group Policy Management Console includes an interface that you can use to figure out where a particular policy setting was applied, but your life will be a lot easier if you can simply avoid creating contradictory settings. When contradictions occur, Windows uses the group policy's level within the hierarchy to resolve the conflict. An administrator might, for instance, create domain level-policy that requires 8-character passwords, but then create an OU level-policy that requires 12-character passwords. It's a common mistake to create contradictory settings at various levels of the Group Policy hierarchy. You should never block policy inheritance or policy enforcement doing so tends to make troubleshooting problems far more difficult. Don't block policy inheritance or enforcement Separating group policies by function slightly increases the amount of time that it takes users to log in, but it can greatly simplify the troubleshooting process.Ĥ. ![]() Separating group policies by function slightly increases the amount of time that it takes users to log in, but it can greatly simplify the troubleshooting process. For example, you might create a group policy that controls browser settings and another group policy that controls AppLocker. Rather than creating a large monolithic group policy that controls all the operating system's settings, consider creating a series of smaller policies that focus on certain things. Third-party tools are better suited for anything beyond the occasional one-off policy evaluation. However, this is a manual process and the tool is not designed to examine desktops in bulk. You can use this tool to compare a desktop's local security policy against a baseline group policy. The Microsoft Security and Compliance Toolkit includes a tool called the Microsoft Policy Analyzer. As such, you may want to invest in a third-party tool that can periodically scan for configuration drift. This will help to ensure that desktops are configured in a consistent manner, including the local security policy.Ĭonfiguration changes will inevitably occur over time, however. Deploy desktops with a Windows 10 deployment imageĪnother Group Policy best practice is to create a Windows 10 deployment image and then use that image to deploy all future Windows 10 desktops. These local policies will help to keep Windows 10 machines secure if Windows is unable to log into a domain. You should use local security policies in conjunction with Active Directory-level security policies that are applied at the site, organizational unit (OU) or domain level. ![]() There are a variety of best practices for using Group Policy settings with Windows 10 desktops. These are just a few potential uses there are thousands of group policy settings that can establish granular control over the way that Windows 10 behaves. You can also use group policies to prevent users from being able to use removable media, or to prevent users from running executable code from removable media. For instance, you can use group policy settings to block user access to some of the operating system's more sensitive areas, such as the Control Panel or the Command Prompt. The most common use for Group Policy settings is to enforce password requirements, but there are many other potential uses. In most cases, group policies are configured with the goal of maintaining the operating system's health and security. When it comes to Windows 10 desktops, you should first determine what you hope to accomplish through the use of group policies. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |