Photo by Jack Carter on Unsplash

Photo by Jack Carter on Unsplash

Group policies on Windows Server 2022

Simple and  Effective

Article from ADMIN 73/2023
We discuss how to manage and secure clients with group policy object templates and look at some recommendations from various governmental and non-governmental security advocates.

Every admin knows group policies inside out. Group policy objects (GPOs) are still the most effective means of centrally managing and, above all, protecting clients. They play a crucial role, especially when it comes to protection against ransomware.

Generally speaking, Windows Server 2022 reveals no technical innovations in the area of group policies for local installations. The GPO infrastructure and the available feature set are static, with no more development in this area. However, some innovation and change is emerging in the cloud, but only if you sign up for the right plan. Still, there's nothing out of the box in a plain vanilla Azure Active Directory (AD) that controls the client as extensively as group policies can locally. With this in mind, I look at new or changed approaches that have emerged over 20 years of group policy design and structure, with an emphasis on rules that should always be implemented, even if nothing has changed technically and the best practices have been valid for years.

GPOs in the Light of Ransomware

Where admins struggled with desktop configurations in the early days of AD, today the greatest effort is put into defending the environment against ransomware and the sword of Damocles called the General Data Protection Regulation (GDPR) in the event of a possible data loss. Surprisingly, very few ADs are up to these requirements in terms of delegation and group policies.

The companies affected by ransomware attacks often have many things in common, but the main similarity is an IT structure built 20 years ago. Admins have neglected to change fundamentals and keep structures current, instead focusing on issues other than AD as a core login resource. User login works fine, why should there be a problem? This way of thinking is now getting in the way. After ransomware has made it into an organization, it spreads with PsExec and a batch file

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.