Application of Win 2003 Group Policy and Security Templates

Group Policy is used to configure multiple Microsoft Active Directory directory service users and computer objects from a single point. By default, a policy affects not only the objects in the container to which the policy is applied, but also the objects in the child container.

Group Policy includes security settings under "Computer Configuration, Windows Settings, Security Settings". You can configure the settings by importing pre-configured security templates into the policy.

Apply Group Policy

The following steps show how to apply Group Policy and how to assign security groups to "user rights assignments".

Apply Group Policy to an Organizational Unit or Domain

1. Click "Start","Administrative Tools","Active Directory Users and Computers" "Active Directory Users and Computers".

2. Highlight the relevant domain or organizational unit, click the "Actions" menu, and select "Properties".

3. Select the "Group Policy" tab.

Note: Multiple policies can be applied per container. The order in which these policies are processed is from the bottom of the list. If a conflict occurs, the last applied policy takes precedence.

4. Click "New" to create a policy and give it a meaningful name, such as "Domain Policy".

Note: Click the "Options" button to configure "Disable Override" Settings. "Forbidden substitution" is configured for each individual policy, not for the entire container; "block policy inheritance" is configured for the entire container. If the "Forbidden override" and "block policy inheritance" settings conflict, "prohibit substitution" set priority. To configure "block policy inheritance", select the checkbox in the OU property.

Group Policy is automatically updated, but to start the update process immediately, use the following GPUpdate command at the command prompt: GPUpdate /force

To "User Rights Assignment" Add Security Groups

1. Click "Start" "Administrative Tools", "Active Directory Users and Computers", and open "Active Directory Users and Computers".

2. Highlight the relevant OU (eg "Member Server"), click the "Action" menu, and select "Properties".

3. Click the "Group Policy" tab, select the relevant policy (such as "Member Server Baseline Policy"), and then click "Edit".

4. In the "Group Policy Object Editor", expand "Computer Configuration", "Windows Settings", "Security Settings", "Local Policies" Then highlight "User Rights Assignment".

5. In the right pane, right-click on the relevant user privilege.

6. Check the "Define these policy settings" checkboxes and click "Add users and groups" to modify the list.

7. Click "OK".
Importing Security Templates into Group Policy

The following steps show how to import security templates into Group Policy.

Importing Security Templates

1. Click "Start" Start ", "Administrative Tools", "Active Directory Users and Computers", Open "Active Directory Users and Computer".

2. Highlight the relevant domain or OU, click the "Action" menu, and select "Properties".

3. Select the "Group Policy" tab.

4. Highlight the relevant policy and click "Edit".

5. Expand "Computer Configuration", "Windows Settings", and then highlight "Security Settings".

6. Click the "Action" menu and select "Import Policy".

7. Navigate to \\Security Guide\\Job Aids, select the relevant template, and click "Open".

8. In the "Group Policy Object Editor", click the "File" menu and select "Exit".

9. In the container properties, click "OK".

Using "Security Configuration and Analysis"

The following steps show how to use "Security Configuration and Analysis" to import, analyze, and apply security templates.

Import Security Templates

1. Click "Start", "Run". Type mmc in the "Open" text box, then click "OK".

2. In the Microsoft Management Console, click "File", select "Add/Remove Snap-in".

3. Click "Add" to highlight "Security Configuration and Analysis" in the list.

4. Click "Add", "Close", "OK".

5. Highlight "Security Configuration & Analysis", click "Operation" menu, select "Open Database".

6. Type a new database name (such as Bastion Host) and click "Open".

7. In the "Import Template" screen, navigate to \\Security Guide\\Job Aids and select the relevant template. Click "Open".

Analyze imported templates and compare them to current settings

1. Highlight "Security Configuration and Analysis" in the Microsoft snap-in, click the "Actions" menu, and select "Immediately analyze computer".

2. Click "OK" to accept the default "error log file path".

3. After completing the analysis, expand the node title to study the results.

Applying a Security Template

1. Highlight "Security Configuration and Analysis" in the Microsoft snap-in, click the "Operation" menu, select "Configure Computer Now" .

2. Click "OK" to accept the default "error log file path".

3. In the Microsoft Management Console, click "File", then select "Exit"Close "Security Configuration & Analysis".