
How to Create a Group Policy in Windows Server, and the Top 10 Group Policy (GPO) Settings

With Group Policy, network administrators can control the working environment of user and computer accounts in Active Directory.

Administrators manage and configure Computer Configuration and User Configuration through Windows Settings, Software Settings, and Administrative Templates.

Group Policy Objects (GPOs) are created in the GPMC (Group Policy Management Console). A GPO applies to selected Active Directory containers: sites, domains or organizational units (OUs). In the GPMC you can create a GPO that defines registry policies, software installation, security options, maintenance options, script options and folder redirection options.

Step 1 - 

First, open Server Manager, select Manage, choose to add new roles and features, and add Group Policy Management. Then click Tools and select Group Policy Management.


Step 2 - 

Next, open the GPMC (Group Policy Management Console). Create a new Group Policy Object, then select Edit from the menu.



Step 3 - 

The Group Policy Management Editor (gpedit.msc) window will now open. Open the Computer Configuration and User Configuration nodes to set the policy rules.


Types of GPOs

There are three types of Group Policy Objects:

(1) Local Group Policy Objects
(2) Non-local Group Policy Objects
(3) Starter Group Policy Objects

Top 10 Group Policy Settings:

(1) Limiting Access to Control Panel
(2) Prevent Windows from Storing LAN Manager Hash
(3) Disabling Command Prompt
(4) Disable Forced System Restarts
(5) Disallow Removable Media and Drives
(6) Restrict Software Installations
(7) Disable Guest Account
(8) Set Minimum and Maximum Password Length and Age
(9) Turn Off Windows Defender
(10) Automatic Windows Update


(1) Limiting Access to Control Panel

User Configuration > Administrative Templates > Control Panel > Prohibit access to Control Panel and PC settings. Set this policy to Enabled.


(2) Prevent Windows from Storing LAN Manager Hash

Computer Configuration > Security Settings > Local Policies > Security Options > Network security: Do not store LAN Manager hash... Set this policy to Enabled.




(3) Disabling Command Prompt

User Configuration > Administrative Templates > System > Prevent access to the command prompt. Set this policy to Enabled.

(4) Disable Forced System Restarts

Computer Configuration > Administrative Templates > Windows Components > Windows Update > No auto-restart with logged on users for scheduled automatic update installations. Set this policy to Enabled.


(5) Disallow Removable Media and Drives

User Configuration > Administrative Templates > System > Removable Storage Access > Removable Disks: Deny read access. Set this policy to Enabled.



(6) Restrict Software Installations

Computer Configuration > Administrative Templates > Windows Components > Windows Installer > Turn off Windows Installer > Prohibit User Installs. Set this policy to Enabled.

(7) Disable Guest Account

Computer Configuration > Security Settings > Local Policies > Security Options > Accounts: Guest account status. In its Properties, select Disabled.


(8) Set Minimum and Maximum Password Length and Age

Computer Configuration > Windows Settings > Security Settings > Password Policy. Set the maximum and minimum password age and the password length as per your requirements.


(9) Turn Off Windows Defender

Computer Configuration > Administrative Templates > Windows Components > Windows Defender > Turn off Windows Defender. Set this policy to Enabled.


(10) Automatic Windows Update

Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates. Set this policy to Enabled and set the time.


NOTE: To update Group Policy, run PowerShell or Command Prompt as administrator and type the command gpupdate /force.

Group Policy is updated after a system restart or sign-out.
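To confirm that settings from this list actually took effect after gpupdate /force, the following added example (not part of the original post) reads the registry values that back four of the policies above and reports each as Applied, Mismatch or NotConfigured. The registry paths and value names are the standard locations these policies write to; the function name Test-PolicyValue and the $checks table are hypothetical names chosen for this example.

```powershell
# Added example: audit whether four settings from this article are in effect.
# Run as the affected user after `gpupdate /force`; HKCU entries reflect
# the user running the script, HKLM entries reflect the computer.
$checks = @(
    @{ Name    = 'Prohibit access to Control Panel and PC settings'
       Path    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Value   = 'NoControlPanel'
       Allowed = @(1) },
    @{ Name    = 'Do not store LAN Manager hash'
       Path    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Value   = 'NoLMHash'
       Allowed = @(1) },
    @{ Name    = 'Prevent access to the command prompt'
       Path    = 'HKCU:\Software\Policies\Microsoft\Windows\System'
       Value   = 'DisableCMD'
       Allowed = @(1, 2) },   # 1 = also block batch scripts, 2 = scripts still run
    @{ Name    = 'No auto-restart with logged on users'
       Path    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
       Value   = 'NoAutoRebootWithLoggedOnUsers'
       Allowed = @(1) }
)

function Test-PolicyValue {
    param([hashtable]$Check)
    # A missing key or value means the policy is Not Configured here,
    # for example because the GPO is not linked to this user's or computer's OU.
    $item = Get-ItemProperty -Path $Check.Path -Name $Check.Value -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($Check.Value) } else { $null }
    $state = if ($null -eq $actual) {
        'NotConfigured'
    } elseif ($Check.Allowed -contains $actual) {
        'Applied'
    } else {
        'Mismatch'
    }
    [pscustomobject]@{ Policy = $Check.Name; Actual = $actual; State = $state }
}

$results = $checks | ForEach-Object { Test-PolicyValue -Check $_ }
$results | Format-Table -AutoSize
```

A NotConfigured result for a User Configuration policy usually means the script ran under an account the GPO does not apply to, so run it in the session of the user being checked.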

