Lesson 1
Creating a Baseline for Member Servers
Exercise 2: Creating a Group Policy Object
In this procedure, you create a new GPO for the Member Servers organizational unit object you just created and use it to create a secure baseline configuration for your (imaginary) member servers.
To create a new GPO
1. In the Active Directory Users And Computers console, select the Member Servers organizational unit you created in Procedure 1 and, on the Action menu, click Properties. The Member Servers Properties dialog box appears.
2. Click the Group Policy tab and then click New. A New Group Policy Object entry appears in the Group Policy Object Links list, with the name of the entry highlighted for renaming.
3. Type Member Server Baseline and then press ENTER.
4. Click Edit. The Group Policy Object Editor console appears, with the Member Server Baseline GPO at the root of the console tree.
5. In the Computer Configuration container, expand the Windows Settings, Security Settings, and Local Policies containers.
6. Click the Audit Policy container. A list of audit policies appears in the console’s details pane.
7. Double-click the Audit Account Logon Events policy. The Audit Account Logon Events Properties dialog box appears.
8. Select the Define These Policy Settings check box. The two Audit These Attempts check boxes are activated, with the Success check box selected by default.
9. Select the Failure check box and click OK.
10. Configure the remaining audit policies using the following settings:
❑ Audit Account Management—Success and Failure
❑ Audit Directory Service Access—Success and Failure
❑ Audit Logon Events—Success and Failure
❑ Audit Object Access—Success and Failure
❑ Audit Policy Change—Success and Failure
❑ Audit Privilege Use—Failure only
❑ Audit Process Tracking—No auditing
❑ Audit System Events—Success and Failure
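An added example, not part of the original exercise: a Python check that compares the [Event Audit] section of a security template export (for instance a file written by `secedit /export /cfg`) against the settings from steps 7 through 10. The sample export text is constructed, and the function names are this example's own.

```python
# Added example (not from the original exercise): audit-baseline drift check.
# [Event Audit] values: 0 = none, 1 = success, 2 = failure, 3 = both.
LABELS = {0: "No auditing", 1: "Success only", 2: "Failure only", 3: "Success and Failure"}

# Baseline from steps 7-10 of the exercise.
BASELINE = {
    "AuditAccountLogon": 3, "AuditAccountManage": 3, "AuditDSAccess": 3,
    "AuditLogonEvents": 3, "AuditObjectAccess": 3, "AuditPolicyChange": 3,
    "AuditPrivilegeUse": 2, "AuditProcessTracking": 0, "AuditSystemEvents": 3,
}

# Constructed sample export: object access weakened, DS access not defined.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 1
AuditPrivilegeUse = 2
AuditPolicyChange = 3
AuditAccountManage = 3
AuditProcessTracking = 0
AuditAccountLogon = 3
[Version]
Revision=1
"""

def parse_event_audit(inf_text):
    """Return {setting: int or None} from the template's [Event Audit] section."""
    settings, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[event audit]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            v = value.strip()
            settings[key.strip()] = int(v) if v.isdigit() else None
    return settings

def audit_deviations(inf_text):
    """List (setting, expected, found); a missing setting counts as a deviation."""
    actual = parse_event_audit(inf_text)
    return [(name, LABELS[want], LABELS.get(actual.get(name), "Not defined"))
            for name, want in BASELINE.items() if actual.get(name) != want]

if __name__ == "__main__":
    for name, want, got in audit_deviations(SAMPLE_EXPORT):
        print(f"{name}: expected {want}, found {got}")
```

An empty result means every audit policy in the export matches the baseline; a setting that is absent from the export is reported as "Not defined" rather than silently passing.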
You are configuring the Audit Process Tracking policy to audit neither successes nor failures because of the large number of log entries this policy creates. However,