Group Policy
1. Prohibit the R&D department from using USB storage and from logging on to other computers
2. Removable disk encryption for the Sales Department
3. NTFS encryption for the Finance Department
4. Enforce a password policy. Managers use the granular password policy, with passwords of more than 10 characters.
5. Anti-Virus Software
6. Modify the default ports of all servers
7. Deploy all user work environments
8. Roaming user profiles
Disable R&D department USB
1. Create and link a GPO for the R&D department in Group Policy Management
2. Edit the policy
3. Find the removable storage access settings
4. If the change must take effect immediately after editing, run the force update command: gpupdate /force
Prevent logon to other computers
1. Find the user in the R&D department and open the user's properties. Select the logon
Sales staff use BitLocker encryption
1. Create a partition to store confidential data files and enable BitLocker encryption on it.
2. After entering the password, the encryption step can complete.
Finance Department uses NTFS encryption for its own files
Right-click the folder you are using, open the General tab, click Advanced, then select "Encrypt contents to secure data"
Enforce the password policy and set the manager-level granular password policy
1. To enforce the password policy, create and edit a new GPO under Group Policy Objects.
2. Find the password policy settings and set them here.
3. Finally, link the GPO
4. Select the newly created GPO
Granular Password Policy
1. Open ADSI Edit, connect, and find the Password Settings Container.
2. Start creating a password policy (object)
3. Set the password
4. Set the password history length
5. Set password complexity
6. Set the minimum password length
7. Minimum password age
8. Maximum password age
9. Account lockout threshold
10. Account lockout duration
11. Reset account lockout counter
12. Open the properties after completion
13. Apply the policy to the manager department
14. Use force update to make it take effect immediately: gpupdate /force
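The ADSI Edit procedure above, scripted with the ActiveDirectory PowerShell module, as an added example that is not part of the original page. The group name Managers, the object name PSO-Managers and every numeric value are assumptions for illustration; only the "more than 10" figure comes from the task list, read here as a minimum length.

```powershell
#Requires -Modules ActiveDirectory
# Assumed names (not from the page): group 'Managers', password settings object 'PSO-Managers'.
# Numeric values are sample settings chosen for this example.
$psoName   = 'PSO-Managers'
$groupName = 'Managers'   # a PSO links to users or global security groups, never to an OU

$settings = @{
    Name                            = $psoName
    Precedence                      = 10                            # lower number wins if several PSOs apply
    ReversibleEncryptionEnabled     = $false
    PasswordHistoryCount            = 24                            # step 4
    ComplexityEnabled               = $true                         # step 5
    MinPasswordLength               = 11                            # step 6: "more than 10"
    MinPasswordAge                  = [TimeSpan]::FromDays(1)       # step 7
    MaxPasswordAge                  = [TimeSpan]::FromDays(60)      # step 8
    LockoutThreshold                = 5                             # step 9
    LockoutDuration                 = [TimeSpan]::FromMinutes(30)   # step 10
    LockoutObservationWindow        = [TimeSpan]::FromMinutes(30)   # step 11
    ProtectedFromAccidentalDeletion = $true
}

# Steps 1-2: create the object only if it is missing, so the script can be re-run.
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$psoName'")) {
    New-ADFineGrainedPasswordPolicy @settings
}

# Step 13: link the PSO to the group, refusing group types a PSO cannot target.
$group = Get-ADGroup -Identity $groupName
if ($group.GroupScope -ne 'Global' -or $group.GroupCategory -ne 'Security') {
    throw "$groupName must be a global security group to receive a PSO."
}
$linked = (Get-ADFineGrainedPasswordPolicySubject -Identity $psoName).DistinguishedName
if ($linked -notcontains $group.DistinguishedName) {
    Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $group
}

# Verify: each direct member should resolve to this PSO rather than the domain default.
Get-ADGroupMember -Identity $groupName |
    Where-Object objectClass -eq 'user' |
    ForEach-Object {
        $rsop = Get-ADUserResultantPasswordPolicy -Identity $_.SamAccountName
        [pscustomobject]@{
            User       = $_.SamAccountName
            AppliedPso = if ($rsop) { $rsop.Name } else { '(domain default)' }
            Ok         = ($rsop.Name -eq $psoName)
        }
    }
```

Password settings objects are stored in the directory rather than in a GPO, so the check uses Get-ADUserResultantPasswordPolicy instead of gpresult.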
Change port number
1. Open the registry, find the path [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp], and modify the PortNumber value.
2. Modify the PortNumber value in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp] in the registry.
Deploy user work environment
1. Block access to the command prompt, the registry editor, and unnecessary programs
2. Deploy personalized settings
3. IE browser settings
4. Advanced security settings of the IE browser
5. Modify the Start menu settings to control whether programs can be displayed or run.
6. Set logon options to show whether to log on for the first time
Roaming user profile configuration
1. First create a shared folder named profiles on the server
2. Open the Active Directory Administrative Center and find the roaming user to be configured
3. Configure the profile
4. Then log on to this account from a computer in the domain
5. A roaming user profile has been generated on the server.
6. You can change the profile if you have the permission.
Mandatory roaming user profile configuration
1. Configure the user as before, then change the environment, log on, and log off
2. Log on with an account that has domain administrator or enterprise administrator permissions.
3. Find the user profile
4. You need to use a small tool before you can copy
5. Then, change the permissions to add the account itself.
6. Open the user folder, display the hidden files, and rename ntuser.dat to ntuser.man.