Saturday, February 25, 2012

Chapter 8

This chapter covered configuring the user and computer environments using group policy. Like a few other chapters in this course's book, alot of this was covered in CIS-256.The first section of the chapter focused on security policies you can set through GP. The admin can set many different policies in the group config node for a GPO, including local policies, system services, registry file system and IPsec, etc. The user config node allows the admin to set public key and software restriction policies. One new application for account policies for server 08 is the ability to have a specific password policy implemented for a specific user within a domain, either less or more restrictive than those set in the password policy for the group, called fine-grained password policies. Audit policies allow administrators to track security events, including user attempts to access restricted resources. Event viewer can be configured to log only certain events, size, retention and the access rights of the log. There are logs for each type of service (AD, DNS, etc.) as well. Folder redirection is a GP folder that allows the admin to set the contents of a folder they specify to go to a network or another folder on the user's hard drive. This allows a folder's contents to be backed up as part of the server backup process and allows a user to gain access to a folder that would normally be inaccessable if it id on their personal machine, rather than on a network somewhere. Offline files allows users to modify copies of files that are stored on the network, and the changes made are then made to the original when the machine is reconnected. Disk quotas set the amount of space a user can store on a network.Group policy can be set ona refres interval automatically or manually, if the admin wants to set a policy that does not require a restart of their machine.

No comments:

Post a Comment