Goal
In this lab the goal was to set GPOs and PSOs for the Windows Server 2012 box that we had set up in the previous lab. Group policies allowed us to manage the settings and configurations on the domain bound machines as well as fine tune the password complexity requirements.
I had already set up multiple GPOs for my machines prior to starting this lab, so all I really had to do was add in any additional GPOs as well as create the Password Setting Objects.
Windows Server 2012: Username: Administrator Password: Hunter2
Security Considerations
There are many security concerns that are apparent when looking at this lab and all of the settings that are being pushed out to machines. Some of the most apparent considerations that are touched upon in this lab
…show more content…
This always used to be the way that companies would manage their local admin accounts, however I recently found that this is not the most secure way of handling this process. The reasoning behind this is that the GPO has to be readable to all clients they are pushing to, therefore the hashed password that is pushed to the machine is sitting publically accessible on the DC and can easily be attacked and cracked to reveal the local admin accounts. The proper way that I have found to handle this concern is to use a tool by Microsoft called LAPS.
Auditing
There are a number of different auditing settings that can be put in place that cover a number of different use cases, I will be going over just a few of those use cases.
Initially when diving into auditing, there are some main features that would be beneficial to have. Account logons are very useful to have logs for, for a multitude of different reasons. Tracking which users log onto which computers is beneficial not only for doing troubleshooting, but also for ensuring individuals are not accessing other people’s computers and potentially sensitive