
Group Policies

Status
Not open for further replies.

redwhip

Technical User
Apr 29, 2003
96
GB
I have just moved a load of users into an OU which has a new GPO for Terminal Services.
The GPO was applied successfully to all of the users apart from one who is in the same groups and is set up identically to everybody else.
I even copied this user account and the policy applied to the new copied user account.
I finally deleted this user's NT4 profile and the policy then applied straight away.
I'm worried that this user has found a group policy loophole as I recently noticed him poking around in the domain admin tools. He seems to know what he is doing.

Does anybody think this sounds suspect or am I worrying about nothing?

Cheers

Red
 
Read him the Riot Act. Well, no... that really isn't done anymore...

1st, send out the Company Security Policy document that says, in effect, "use our settings, don't download porn/viruses/illegal stuff or you're in violation" (make sure your HR and Legal folks actually approve the language to avoid any "unfortunate incidents").

2nd, send him (okay, everyone) an email asking if he received the policy and require a reply.

3rd, for the Terminal Services GPO, select "No Override"... and audit for changes...

4th, send his manager a copy of the above and the rest of your audit trail if it happens again...

eh, voila!! You're done. (until the next one)

JTB
Have Certs, Will Travel
"A knight without armour in a [cyber] land."

 
One point he made, definitely start auditing up and look for bad behavior. Good luck.

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin check out Tek-Tips in Chicago, Illinois Forum.

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884
 
Should I just audit the admin tools and .msc files?

Microsoft recommend going into ADSIedit and doing the whole domain partition but I only want to see relevant events which are meaningful.

There is now a working whitelist of allowed applications in this GPO but I agree that auditing would show if anybody has broken the GPO and run the tools.

The sad thing is that the terminal server is the domain controller as well so although I'm not sure what damage they could do if they are only domain users, I'm not prepared to take that risk or to spend time investigating what they might be able to do. Hence the whitelist.

We are getting a new dedicated terminal server soon but I would like to use the same GPO for that.

Thanks

Redwhip

 
Personally, I would audit what you're concerned with, and audit the user in question's activity any way you can. If necessary, give him explicit DENY settings, although I generally shy away from DENYs. Good luck.

Glen A. Johnson
 