Common Group Policy Issues and Concepts

Group Policy Object concept

The Local Group Policy object (Local GPO) is stored on each individual computer, in the hidden Windows\System32\GroupPolicy directory. Generally, each computer running Windows has exactly one Local GPO, regardless of whether the computers are part of an Active Directory environment. Local GPOs are always processed, but are the least influential GPOs in an Active Directory environment, because Active Directory-based GPOs have precedence.

At the domain level, a GPO is a collection of Group Policy settings stored as a virtual object consisting of a Group Policy container and a Group Policy template. The Group Policy container, which holds information about the properties of a GPO, is stored in Active Directory on each domain controller in the domain. The Group Policy template contains the data in a GPO and is stored in SYSVOL, in the /Policies subdirectory.

Push a GPO to a user's PC from the DC

1. Permission (security filtering)

Authenticated Users - uncheck Apply Group Policy

Domain Computers (or any computer or user group the GPO is meant for) - check Apply Group Policy

2. Firewall

Enable the following inbound rules on the client:

Remote Scheduled Task Management (RPC)

Remote Scheduled Task Management (RPC-EPMAP)

Windows Management Instrumentation (WMI-In)

[Screenshot: Windows Firewall with Advanced Security, Inbound Rules list showing the Remote Scheduled Task Management (RPC) rules with Profile "All" and Action "Allow".]

 

Common errors

 

Remote Group Policy update results
Group Policy update will be forced on all computers within IVYCOT Domain and all subcontainers within the next 10 minutes. Both user and computer policy settings will be refreshed.
Completed (1 of 1)
Failed (1)
Computer Name / Error Code / Error Description: The remote procedure call was cancelled.

 

1. Firewall: the firewall policy that enables the related ports (the inbound rules listed above) has to reach the client first; without them the remote refresh is cancelled.

2. GPO push update:

Invoke-GPUpdate -Computer PMNT-WS-IT-03 -RandomDelayInMinutes 0

 

https://docs.microsoft.com/en-us/archive/blogs/grouppolicy/group-policy-in-windows-server-2012-using-remote-gpupdate
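The whole push procedure (security filtering, firewall prerequisite check, forced refresh) as one PowerShell script. This is an added example, not code from the original post; it assumes the GroupPolicy and NetSecurity (RSAT) modules on the machine it runs from, a placeholder GPO name 'TEST Firewall Policy', and the target PMNT-WS-IT-03 from the post.

```powershell
# Added example (not from the original post). Assumes RSAT GroupPolicy/NetSecurity modules,
# a placeholder GPO name and the target computer named in the post. Run from the DC.
$GpoName = 'TEST Firewall Policy'   # placeholder GPO name
$Target  = 'PMNT-WS-IT-03'
$RequiredRules = @(
    'Remote Scheduled Task Management (RPC)',
    'Remote Scheduled Task Management (RPC-EPMAP)',
    'Windows Management Instrumentation (WMI-In)'
)

# Step 1 - security filtering: Authenticated Users keeps Read (the computer account still has
# to read the GPO) but no longer applies it; Domain Computers gets Apply.
# -Replace is needed to lower an existing permission level.
function Set-GpoTargetScope {
    param([string]$Name)
    Set-GPPermission -Name $Name -TargetName 'Authenticated Users' -TargetType Group `
        -PermissionLevel GpoRead -Replace | Out-Null
    Set-GPPermission -Name $Name -TargetName 'Domain Computers' -TargetType Group `
        -PermissionLevel GpoApply | Out-Null
    Get-GPPermission -Name $Name -All |
        Select-Object @{n='Trustee';e={$_.Trustee.Name}}, Permission
}

# Step 2 - check that the inbound rules the remote refresh depends on are enabled on the
# client. Returns the names that are missing or disabled (empty result = all present).
function Get-MissingGpUpdateRules {
    param([string]$ComputerName, [string[]]$RuleNames)
    $cim = New-CimSession -ComputerName $ComputerName -ErrorAction Stop
    try {
        $enabled = Get-NetFirewallRule -CimSession $cim -Direction Inbound -Enabled True `
                       -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty DisplayName -Unique
        return $RuleNames | Where-Object { $enabled -notcontains $_ }
    } finally { Remove-CimSession $cim }
}

# Step 3 - force the refresh only when the prerequisites are there; otherwise the
# refresh ends with "The remote procedure call was cancelled" as shown in the post.
Set-GpoTargetScope -Name $GpoName
$missing = @(Get-MissingGpUpdateRules -ComputerName $Target -RuleNames $RequiredRules)
if ($missing.Count -gt 0) {
    Write-Warning "Enable these inbound rules on $Target first: $($missing -join ', ')"
} else {
    Invoke-GPUpdate -Computer $Target -RandomDelayInMinutes 0 -Force
}
```

The CIM session uses WinRM, so if that is closed too the check itself fails with a connection error rather than silently reporting success.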

Windows OS Hardening

1. Disable Type Search/Apps in Windows 10

Add the following paths as Disallowed path rules under

Computer/User Configuration - Policies - Windows Settings - Security Settings - Software Restriction Policies - Additional Rules

[Screenshot: Group Policy Management Editor, GPO "TEST Restrict PC and Download Only allow Chrome", Software Restriction Policies > Additional Rules, showing the two default %HKEY_LOCAL_MACHINE registry path rules (Unrestricted) and a path rule with Security Level "Disallowed".]

Type Search:

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy

Edge:

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe

C:\Program Files (x86)\Microsoft\EdgeWebView

C:\Program Files (x86)\Microsoft\EdgeUpdate

C:\Program Files (x86)\Microsoft\EdgeCore

C:\Program Files (x86)\Microsoft\Edge\Application

WindowsApps:

C:\Program Files\WindowsApps

PowerShell:

%SystemRoot%\syswow64\WindowsPowerShell\v1.0\
%SystemRoot%\system32\WindowsPowerShell\v1.0\
%windir%\syswow64\WindowsPowerShell\v1.0\
%windir%\system32\WindowsPowerShell\v1.0\

 

Enable PowerShell for Administrators

 

[Screenshot: Security settings of the GPO "Users - Disable PowerShell.exe". Group or user names listed: Domain Admins (adpro\Domain Admins), Enterprise Admins (adpro\Enterprise Admins), GPO - Enable PowerShell (adpro\GPO - Enable PowerShell). Permissions shown with Allow/Deny columns: Read, Write, Create all child objects, Delete all child objects, Apply group policy.]
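As an added example (not from the post), a PowerShell check to run on a client after the GPO applies: it reads the Software Restriction Policy rules that Group Policy writes under HKLM/HKCU\SOFTWARE\Policies\Microsoft\Windows\Safer and reports whether each path from the list above is covered by a Disallowed rule. The registry layout (level subkeys 0 = Disallowed, 131072 = Basic User, 262144 = Unrestricted; the path in the ItemData value) is assumed from how SRP stores its rules, and the expected path list is constructed from the post.

```powershell
# Added example (not from the original post). Assumes SRP path rules live under
# ...\Safer\CodeIdentifiers\<level>\Paths\<GUID> with the path in ItemData.
$ExpectedDisallowed = @(   # constructed from the paths listed in the post
    'C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy',
    'C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe',
    'C:\Program Files (x86)\Microsoft\Edge\Application',
    'C:\Program Files\WindowsApps',
    '%SystemRoot%\system32\WindowsPowerShell\v1.0\'
)

# Enumerate every SRP path rule in one hive, tagged with its security level.
function Get-SrpPathRules {
    param([ValidateSet('HKLM','HKCU')][string]$Hive = 'HKLM')
    $base   = "${Hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
    $levels = @{ 0 = 'Disallowed'; 131072 = 'BasicUser'; 262144 = 'Unrestricted' }
    foreach ($lvl in $levels.Keys) {
        $paths = Join-Path $base "$lvl\Paths"
        if (-not (Test-Path $paths)) { continue }
        foreach ($rule in Get-ChildItem $paths) {
            $data = (Get-ItemProperty $rule.PSPath).ItemData
            [pscustomobject]@{ Level = $levels[$lvl]; Path = $data; RuleId = $rule.PSChildName }
        }
    }
}

# Report, per expected path, whether a Disallowed rule with that exact path exists.
# Comparison is case-insensitive and ignores a trailing backslash; environment variables
# are not expanded, so the rule must be written the way the post writes it.
function Test-DisallowedPaths {
    param([string[]]$Expected, [object[]]$Rules)
    $disallowed = $Rules | Where-Object Level -eq 'Disallowed' |
                  ForEach-Object { $_.Path.TrimEnd('\') }
    foreach ($p in $Expected) {
        [pscustomobject]@{ Path = $p; Covered = ($disallowed -contains $p.TrimEnd('\')) }
    }
}

# Computer Configuration rules land in HKLM, User Configuration rules in HKCU.
$rules = @(Get-SrpPathRules -Hive HKLM) + @(Get-SrpPathRules -Hive HKCU)
Test-DisallowedPaths -Expected $ExpectedDisallowed -Rules $rules | Format-Table -AutoSize
```

A path reported as not covered usually means the GPO has not refreshed yet or the rule was entered with a different spelling of the path.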

 

2. Remove Search bar in TaskBar

The same registry value selects all three modes; only the data differs.

1. Hidden

Registry Hive    HKEY_CURRENT_USER

Registry Path    SOFTWARE\Microsoft\Windows\CurrentVersion\Search

Value Name    SearchboxTaskbarMode

Value Type    REG_DWORD

Value    00000000


2. Small

Registry Hive    HKEY_CURRENT_USER

Registry Path    SOFTWARE\Microsoft\Windows\CurrentVersion\Search

Value Name    SearchboxTaskbarMode

Value Type    REG_DWORD

Value    00000001


3. Large

Registry Hive    HKEY_CURRENT_USER

Registry Path    SOFTWARE\Microsoft\Windows\CurrentVersion\Search

Value Name    SearchboxTaskbarMode

Value Type    REG_DWORD

Value    00000002

3. Commonly whitelisted URLs

1. Whitelist CAPTCHA
    recaptcha.net

2. Whitelist the Microsoft suite

    office.com
    login.windows.net
    login.microsoftonline.com
    account.activedirectory.windowsazure.com
    contactpoint360inc.sharepoint.com
    contactpoint360inc-my.sharepoint.com
    outlook.office.com
    aka.ms
    teams.microsoft.com
    CAC-excel.officeapps.live.com
    CAC-word-edit.officeapps.live.com
    CAC-onenote.officeapps.live.com


Disclaimer

This blog is not intended to be advice on how to manage your environment. These accounts are based on experiences of my own lab. Always approach information you find outside official documentation with skepticism and follow the golden rule: never test in production.