mignon
Uploaded by
27 SLIDES
359 VUES
270LIKES

Total Workstation Lockdown: Action Plan and Group Policy Solutions

DESCRIPTION

Explore practical solutions for hardware lockout, loopback settings, security compliance management, and workstation protection. Learn valuable insights from Jeremy Moskowitz to secure your systems effectively.

1 / 27

Télécharger la présentation

Total Workstation Lockdown: Action Plan and Group Policy Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Total Workstation Lockdown:Your Action Plan Jeremy Moskowitz, Group Policy MVP Chief Propeller-Head: GPanswers.com Founder: PolicyPak Software (policypak.com) Twitter: @jeremymoskowitz

  2. “What I learned in Belgium” – by Jeremy Moskowitz

  3. “What I learned in Belgium” – by Jeremy Moskowitz

  4. “What I learned in Belgium” – by Jeremy Moskowitz

  5. “What I learned in Belgium” – by Jeremy Moskowitz

  6. “What I learned in Belgium” – by Jeremy Moskowitz

  7. “What I learned in Belgium” – by Jeremy Moskowitz

  8. Disclaimer: Don’t go bananas (and don’t expect a ‘Magic Silver Bullet’) • Tendency to go “overboard” • No “one way” to skin the cat • Not going to go over all possible solutions • No “Silver Bullet.” It’s incremental, iterative, and ongoing. • This talk (mostly) Group Policy-based solutions

  9. Item 1: Hardware Lockout • Scenario • Need to restrict USB / other devices on network • Perfect for… • Computers • Specific users • Utilize: • Group Policy (Windows Vista and later) • Group Policy Preferences (Windows XP and later)

  10. Hardware Lockout Demo

  11. Item 2: Understanding Loopback • Scenario • Need to implement USER side settings to COLLECTION of computers • Perfect for… • Call Centers • Classrooms • Terminal Services

  12. Loopback Demo

  13. Item 3: Security Compliance Manager • Big (free) tool with lots of functions.. • Contains pre-configured GPO baselines from the Windows Security Guides • Lets you create baselines (and manage them) • Output as: GPO, XLS, Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP) • http://technet.microsoft.com/en-us/library/cc677002.aspx

  14. Item 4: Security Compliance Manager

  15. Item 4: Security Compliance Manager

  16. Item 3: Security Compliance Manager

  17. Security Compliance Manager Demo

  18. Item 4: "Workstation Revert" • Scenario: • Ensures machines won’t be modified in “hostile” environment • Perfect for: • Schools • Internet Café • Walk-up machines • Shop Floor / Kiosk / Library • Home use (possibly)

  19. Microsoft’s Solutions • Windows SteadyState 2.5 • Windows XP and Windows Vista only • http://tinyurl.com/steadystate25 • Warning: Being retired as follows: • No more downloads after 2010 • No more support after 2011 • Free Downloadable PDF chapter about SteadyState at www.GPanswers.com/book • “Going forward” documentation • Creating a Steady State by Using Microsoft Technologies • Group Policy Settings for Creating a Steady State • The Steady State Reference Spreadsheet

  20. SteadyState-Like Items For Windows 7 • Free • Wioski • Win7 + VHD + WIM “wrapper” / trickery • www.wioski.com • Commercial • DeepFreeze from Faronics • Win7 Compatible • http://tinyurl.com/DeepFreeze-TechEd2010

  21. Item 5: AppLocker / Software Restriction Policies • Notes: • AppLocker not available for all editions of Windows 7 • Software Restriction Policies IS available for all editions of Windows 7 • Software Restriction Policies: • Good for Blacklisting • AppLocker: • Better for Whitelisting

  22. Item 6: Application Settings Lockout • ADM/ADMX files for supported applications • Office 2010 ADMX files • http://tinyurl.com/Office2010ADMX • All other applications… • PolicyPak Community Edition (Free) • PolicyPak Professional Edition

  23. Stay up to date with TechNet Belux Register for our newsletters and stay up to date:http://www.technet-newsletters.be • Technical updates • Event announcements and registration • Top downloads Join us on Facebook http://www.facebook.com/technetbehttp://www.facebook.com/technetbelux LinkedIn: http://linkd.in/technetbelux/ Twitter: @technetbelux DownloadMSDN/TechNet Desktop Gadgethttp://bit.ly/msdntngadget

  24. TechDays 2011 On-Demand • Watchthis session on-demand via TechNet Edge http://technet.microsoft.com/fr-be/edge/http://technet.microsoft.com/nl-be/edge/ • Download to your favorite MP3 or video player • Get access to slides and recommended resources by the speakers

  25. Do MORE with Group Policy

  26. THANK YOU

More Related