Group Policy Best practices

[billybarty]

We are just starting to implement group policy on our workstations and I am looking for any best practices on what to lock down for the average user (disabling automatic updates, services, home page, etc). Looking for ideas on what itmes to propose being disabled. Any thoughts are appreciated.

 

[mrmoneymatters]

Did you already apply a policy to the domain for account lockouts and password requirements?

 

[enbw]

Hi,

First of all, make a general list of what you do or don't want your users to do. From a threat perspective but also good management. Second make a list of standards

E.g. Access to local drives, the run cmd, registry tools, map drives.
E.g. Home Page, Macro security, go via a proxy server.

Then apply the relevant settings, you may have to import some administrative templates.

Remember, you have to use different OU's if you want different groups of users to have different levels of access.

At a minimum have two OU's one for users and one for computers.