Book Image

Mastering Windows Group Policy

By : Jordan Krause
5 (1)
Book Image

Mastering Windows Group Policy

5 (1)
By: Jordan Krause

Overview of this book

This book begins with a discussion of the core material any administrator needs to know in order to start working with Group Policy. Moving on, we will also walk through the process of building a lab environment to start testing Group Policy today. Next we will explore the Group Policy Management Console (GPMC) and start using the powerful features available for us within that interface. Once you are well versed with using GPMC, you will learn to perform and manage the traditional core tasks inside Group Policy. Included in the book are many examples and walk-throughs of the different filtering options available for the application of Group Policy settings, as this is the real power that Group Policy holds within your network. You will also learn how you can use Group Policy to secure your Active Directory environment, and also understand how Group Policy preferences are different than policies, with the help of real-world examples. Finally we will spend some time on maintenance and troubleshooting common Group Policy-related issues so that you, as a directory administrator, will understand the diagnosing process for policy settings. By the end of the book, you will be able to jump right in and use Group Policy to its full potential.
Table of Contents (12 chapters)

Denying access to Command Prompt

While I personally love Command Prompt and almost always have an instance of it open in order to launch administrative tools, in general it is true that Command Prompt is a security nightmare. If any user somehow stumbles their way into an elevated Command Prompt window, they can do literally anything inside the Windows operating system. So as a matter of security common sense, if there is not a legitimate need for Command Prompt to be used on workstations in your environment (and I very much doubt that there is), disable it! This is a quick and simple policy, but one that is almost always a great addition to a well-rounded security package:

User Configuration | Policies | Administrative Templates | System | Prevent access to the command prompt:

Set Prevent access to the command prompt to Enabled, that's it! CMD.EXE is now blocked wherever...