Group Policy Objects for Managing Groups of Objects
Introduction
It is a crucial responsibility of the system administrator to control the additional computers and all the computers in a system using a robust cybersecurity platform. This process involves the addition of extra security capabilities to provide centralized management and computer systems’ configurations that prevent data breaches or infiltration. Group policy is a system supported by Microsoft Windows Active Directory to protect, secure, and control access to computer systems.
Each application in the environment has its resources that are possessed only by that application (Vepa, Sastry, Cao & Ding, 2019). The system administrator of a company would develop a collection of settings using the Microsoft Management Console (MMC) Group Policy Editor to manage sites, workstations, system domains, and organizational units. This collection of parameters is called the Group Policy Object. Always Fresh company would require a set of integrated group policy objects to manage the additional application servers, computers, and devices.
Recommendations of Group Policy Objects for Managing Groups of Computers
Always Fresh needs to manage the increased capacity of IT infrastructure to ensure that the various positions that would create loopholes have a quality cybersecurity system. Using group policy objects, the facility would simplify management by applying a standardized environment for each new user. The purposes would also facilitate the definition of individual requirements for passwords to ensure that users keep to quality safety measures (Rizqi, Queisser, Smith & Greenan, 2019). The objects would also develop a system that eases the control and management of folders through the storage of files and folders in a centralized system.
Some of the user group policy objects that would enhance the control and management of the expanded computer infrastructure include:
- The system administrator would set a limit to the number of specified users who would gain access to a computer system. The Moderating Access to Control Panel object is vital in creating a safe business environment through moderation of the entrance to the computer systems (Vepa, Sastry, Cao & Ding, 2016). It helps in protecting data and other resources. The settings involve the opening of the Group Policy Management Editor and navigate to the user configuration, administrative templates, and the control panel and prohibit access to control panel and PC settings.
- The system administrator may also set the systems to prevent windows from storing user account passwords in ‘hashes.’ Local area network (LAN) managers hashes are easy to hack, and therefore, the system should not allow windows to store the passwords. The policy would apply a setting to prevent the storage of LAN manager hash value on next password using computer configuration abilities.
- Using the Control Access to Command Prompt object, the system administrator would disable the command prompt. Command prompts facilitate the running of commands that provide high-level access to users and allow them to avoid access restrictions in the system. It would prevent additional users from gaining access to confidential data.
- It is essential to prevent attacks from removable media drives, DVDs, CDs, and Floppy drives that may contain viruses or malware that may affect the whole network. The system administrator would disallow these drives by denying access to all removable storage classes.
- Setting the group policy to allow objects that restrict software installation reduces the likelihood of installing destructive applications that would compromise the system. The system administrator would prohibit facilities from users using the capabilities enabled by the Group Policy Management Editor.
- The system administrator would also set the computers to deploy an object to disable guest accounts. Users may gain access to confidential and sensitive data through guest accounts and also misuse access (Walter & Fitz-Gerald, 2017). It is essential to confirm that the guest accounts status remains in disabling conditions.
- The system administrator would also increase the limit for the minimum passwords’ length and ensure that users have a secure number of characters as their passwords.
- It would also be crucial to set the minimum password age to lower limits to ensure that the users change their passwords frequently enough. This measure helps in reducing the possibility and impact of having stolen passwords.
References
Rizqi, M. A., Queisser, J. R., Smith, B. C., & Greenan, K. M. (2019). U.S. Patent No. 10,454,778.
Washington, DC: U.S. Patent and Trademark Office.
Vepa, S. V., Sastry, H., Cao, A., & Ding, C. (2016). U.S. Patent No. 9,471,798. Washington, DC:
U.S. Patent and Trademark Office.
Vepa, S. V., Sastry, H., Cao, A., & Ding, C. (2019). U.S. Patent No. 10,230,732. Washington, DC:
U.S. Patent and Trademark Office.
Walter, M., & Fitz-Gerald, J. (2017). U.S. Patent No. 9,537,891. Washington, DC: U.S. Patent and
Trademark Office.