……….
What Is the Default Domain Security Policy?
• Provides account policies for the domain; other settings are not configured by default
• Use to provide security settings that will affect the entire domain
• Use domain policy to provide security settings, as a best practice. Use separate GPOs to provide other types of settings
What Are Local Policies?
Every computer running Windows 2000 and later has a local security policy that is part of local Group Policy
Domain policy will override local policies in cases of conflict
In a workgroup, you must configure local security policies to provide security
You can assign local rights through local Group Policies
Security options control many different aspects of a computer’s security
What Are Network Security Policies?
Separate wireless policies for Windows XP and Windows Vista
Windows Vista policies contain more options for wireless
Windows Vista wireless policies can deny access to wireless networks 802.1x authentication can be configured via Group Policy
Only Windows Vista and later can receive wired network policies
Define the available networks and authentication methods for wireless connections for Windows Vista and Windows XP clients, and LAN authentication for Windows Vista and Windows Server 2008 clients
Demonstration: What Is the Default Domain Controller Security Policy?
In this demonstration, you will see the default domain controller policy settings
Provides an extra layer of security for domain controllers
Allows many user rights to be configured
Provides enabled auditing
Implementing Fine-Grained Password Policies
• Shadow groups can be used to apply a PSO to all users that do not already share a global group membership
• A user or group could have multiple PSOs linked to them
• The precedence attribute is used to resolve conflicts
• Lower precedence values have higher priority
• PSOs linked directly to user objects override PSOs linked to a user’s global groups
• If there are no PSOs, normal domain account policies apply