How to apply the Security Settings of group policies?

Group PolicyGroup policies are widely used in networks and are also an effective tool for maintaining system network security. The following describes how to apply group policy security settings.

As a system administrator, we all know that the best way to protect windows environments is to use group policies. There are hundreds of security settings in the Group Policy object (GPO). Using group policy objects is a very effective and automated security protection method. However, are the security settings of Group Policy objects correctly applied? This article provides you with tools, commands, and tips to ensure that the security settings of Group Policy objects are correct.

Which settings are "Security Settings "?

Since there are more than 5000 settings in the Group Policy object, we must first clarify which settings are discussed in this article. There is a special security section in the Group Policy object, of course there are other security-related sections, but we will only discuss this section in this article.

First, you need to open a group policy object. It is better to open it through the Group Policy Management Console (GPMC), because the security settings of the Local Group Policy object are different from those of the Group Policy object in Active Directory. After opening the Group Policy object in the editor, you need to open Computer ConfigurationPoliciesWindows SettingsSecurity Settings

You will find many settings, including registry key, user permission, file/folder/Registry permission, wireless security, and group members. Most of these settings are controlled by Security Client extensions. If one of these settings fails, all the settings may fail. In addition, you can easily set other settings by using one of the settings.

In the Group Policy Management Console (on any machine that you have administrative permissions on), you can use the Group Policy result tool, these tools are built in the Group Policy Management Console, so you do not need to perform special operations. Through the Group Policy Management Console, you can decide the security settings on the target computer (the computer associated with the security settings deployed in the Group Policy object.

To locate the Group Policy result node in the Group Policy Management Console, You need to view the bottom of the Group Policy console. Here you will find the Group Policy result node.

In this tool, you can select "User Account" and "computer account ". Right-click the Group Policy result node and select the Wizard. After the Wizard is complete, you will see the results listed under the Group Policy result node.

On this page, you can check the policy object and Security Settings. You can click the right pane to view different results. Inspection Group Policy objects can be used correctly and are not rejected for some reason. Second, you can check whether the component Status has any errors related to the security client extension. Finally, check the Security Settings area and the tabs of the settings used.

You can also run RSOP. msc on the computer, which will display the same information as Figure 4, except for the interface display. Figure 5 shows that the RSOP. msc command is run on the target computer to display the Group Policy object settings in the same format as the Group Policy object configured in the editor. In this way, you do not need to worry about the security setting path. You can directly view the result on the node of the Group Policy object.

To view more information about group policy objects and client extensions, you need to go deeper into this interface. Right-click the computer configuration node and choose Properties menu. Then, you will see the deployed Group Policy object, and you can view the following node Information

GPO and filtering

Management scope of Group Policy objects

Revision information about group policy objects

This information helps you find out why the Group Policy object and related settings are not used.

To view the details of the client, you need to select the error information tab. Here, you will see the reason why a CSE is not used. This also indirectly explains why the setting does not appear in RSOP. the reason for the msc interface.

If you only want to view the Security Settings, rather than all the settings deployed from the Group Policy object, you can run secpol on the target computer. msc, which displays a subset of Group Policy objects in the same format as the original group policy object editor.

There are two main problems with this tool. First, the tool displays more information than just security settings. With this tool, you can view all security settings on your computer, it is not just about setting the deployment of Group Policy objects. You can immediately know which settings are from the Active Directory Group Policy object and which are locally deployed security settings. In figure 8, you can see two different icons to display the settings.

The second problem is that the information displayed by the secpol. msc tool is not as detailed as that shown by the RSOP. msc tool. Therefore, we need to select an appropriate tool to display the information according to our specific needs.

Summary

There are many ways to check the status of security settings (deployed using group policy objects). These tools are both built-in tools and very useful. You must have the correct management permissions to use these tools. With these tools, we can clearly view the deployed settings, the undeployed settings, and the reasons for the absence of deployment.

It is hoped that the method of applying Group Policy Security Settings in this article will be helpful to readers. More knowledge about group policies needs to be learned and consolidated by readers.