I recently visited a friend's new place, which has great audio-visual setups and firewalls, but I noticed he hasn't set up any Group Policy Objects (GPOs) yet. This caught me off guard since I've mostly dealt with minor configurations, like adding trusted sites, local admin setups, third-party antivirus, and regular patching. I'm looking for advice on which GPOs would be good to implement in a new environment. Any suggestions?
6 Answers
Right off the bat, any CIS baseline that you can apply without causing issues is a safe bet. Don't forget to consider compliance requirements like PCI DSS or HIPAA if they apply.
Scheduled tasks and PowerShell scripts to install software can be really useful if you don't have a remote monitoring and management system. Also, setting default app associations through GPO can streamline things.
Implement L2 security GPOs: restrict NTLM, enforce LDAP signing, and ensure SMB encryption. Also, consider deploying AppLocker rules for software restrictions, and configure Windows Defender ATP policies for better protection.
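A read-only check for the settings that answer names (NTLM restriction, LDAP signing, SMB encryption), to confirm the GPOs actually took effect on a machine. This is an added example, not code from any poster in this thread; the expected values are assumptions in line with common hardening baselines and should be adjusted to your own policy.

```powershell
# Added example: audit the effective values behind the NTLM, LDAP signing and SMB GPOs.
# Expected values are assumptions, not requirements stated in the thread.
$checks = @(
    @{ Name = 'LAN Manager authentication level (5 = NTLMv2 only)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Value = 'LmCompatibilityLevel'; Expected = 5 },
    # 1 = audit, 2 = deny. Many rollouts stay on audit first to find NTLM dependencies.
    @{ Name = 'Outgoing NTLM traffic restricted (2 = deny all)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
       Value = 'RestrictSendingNTLMTraffic'; Expected = 2 },
    @{ Name = 'LDAP client signing (2 = require)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'
       Value = 'LDAPClientIntegrity'; Expected = 2 },
    # This key only exists on domain controllers.
    @{ Name = 'LDAP server signing (2 = require)'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Value = 'LDAPServerIntegrity'; Expected = 2 }
)

$results = @(foreach ($c in $checks) {
    # A missing key or value means the policy is not configured and the OS default applies.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.($c.Value) } else { $null }
    [pscustomobject]@{
        Setting  = $c.Name
        Expected = $c.Expected
        Actual   = if ($null -eq $actual) { 'not configured' } else { $actual }
        Pass     = ($actual -eq $c.Expected)
    }
})

# SMB server settings are read through the SmbShare module, not a policy key.
$smb = Get-SmbServerConfiguration
$results += [pscustomobject]@{
    Setting = 'SMB server encryption (EncryptData)'
    Expected = $true; Actual = $smb.EncryptData; Pass = [bool]$smb.EncryptData
}
$results += [pscustomobject]@{
    Setting = 'SMB server signing required (RequireSecuritySignature)'
    Expected = $true; Actual = $smb.RequireSecuritySignature
    Pass = [bool]$smb.RequireSecuritySignature
}

$results | Format-Table -AutoSize
```

Run it from an elevated PowerShell session; on member servers and workstations the LDAP server signing row reports "not configured" because the NTDS key is present only on domain controllers.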
Consider implementing a policy to automatically delete user profiles that are older than a certain number of days. This can really help manage storage, especially if you're running older machines with limited space.
Ultimately, it all boils down to your business's needs, but enforcing a strong password policy and changing the default admin username is pretty crucial. Just remember, it's 2026 - you might also want to consider using Intune for security baselines and other policies.
It really depends on the specific needs of the company, but I'd recommend starting with CIS baselines. Also, make sure to deny logons to Tier 0 assets from non-Tier 0 devices.
