PRESENTED BY EMMANUEL AKPEOKHAI
Firstly, let's define Organisation Policy
A policy is a course of action or a set of guidelines to
be followed in an organisation.
A security policy is an organisation's first line of
defence.
Active Directory
Active Directory Domain Services is Microsoft's
directory server. It provides authentication and
authorization mechanisms, and it uses LDAP,
Kerberos and DNS.
Access Control List
An ACL is a list of permissions assigned to an object. The
ACL lists each object and the user access privileges on it,
such as read, write or execute.
Domain and a Forest
• A domain is a management/administrative
boundary. Domains are part of a forest. The
first domain in a forest is known as the forest
root domain.
• A forest is a security boundary.
• A Domain Controller (DC) performs authentication and
authorization. In most cases, a Domain Controller will hold a
copy of the global catalogue.
• A Global Catalogue (GC) is a partial set of
objects in all domains in a forest. It is directly
searchable.
Group policy
Group Policy is an administrative tool for
managing user settings and computer settings
across a network.
It is an important administrative tool in
implementing an organisation policy.
Group Policy settings are contained in Group
Policy objects (GPOs), which are linked to the
following Active Directory service containers:
sites, domains, or organizational units (OUs).
Group Policy Management
• All policies should be applied quickly, so that
users do not feel a significant impact from their
processing.
• All policies should be as easy as possible to
administer and maintain.
• Documentation is very important.
Combating Slowdown Due to GPOs
If you apply too many policies, there will be a
system slowdown.
But there are no good guidelines for how many
policies to apply.
• GPOs apply only to sites, domains, and
Organizational Units.
• A single GPO can be linked to multiple
locations in the tree.
• GPOs by default affect all of the users and
computers in a container.
1) Centrally maintained – the settings only need to be
configured in Active Directory and they apply to the whole
network without configuring individual PCs.
2) Prevent users from changing sensitive settings – like
firewall, antivirus and proxy settings.
3) Rules can be applied to users or computers – user
rules apply on any PC the user logs in to on the network.
4) Users will not be able to bypass the rules or edit
them – without permissions, users will find it difficult to
change these policies at user level. They are hard to bypass as
well, so it is more secure.
5) No changes are needed if new users or computers are
added.
6) Security measures are put in place.
Identifying Settings Related to Password Policies
• Enforce password history determines the number of
unique new passwords a user must use before an old
password can be reused.
• Maximum password age determines how many days a
password can be used before the user is required to
change it.
• Minimum password age
• Minimum password length determines how short
passwords can be.
• Passwords must meet complexity requirements
The password is at least six characters long and is checked against these character categories:
◦ English uppercase characters (A - Z)
◦ English lowercase characters (a - z)
◦ Base 10 digits (0 - 9)
◦ Non-alphanumeric (for example: !, $, #, or %)
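The settings listed above can be audited from PowerShell. The following is an added example, not part of the original presentation: the function name Test-PasswordPolicy, the baseline numbers and the sample policy object are all assumptions made for illustration, while the property names match what Get-ADDefaultDomainPasswordPolicy returns.

```powershell
# Added example: compare a domain password policy with a baseline.
# The baseline numbers are assumed values; use your organisation's own.
function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,
        [hashtable] $Baseline = @{
            PasswordHistoryCount = 24   # passwords remembered
            MaxPasswordAgeDays   = 90
            MinPasswordAgeDays   = 1
            MinPasswordLength    = 14
        }
    )
    $findings = @()
    if ($Policy.PasswordHistoryCount -lt $Baseline.PasswordHistoryCount) {
        $findings += "Enforce password history: $($Policy.PasswordHistoryCount) (baseline >= $($Baseline.PasswordHistoryCount))"
    }
    # In the default domain policy a maximum age of zero means "never expires".
    $maxDays = $Policy.MaxPasswordAge.TotalDays
    if ($maxDays -eq 0 -or $maxDays -gt $Baseline.MaxPasswordAgeDays) {
        $findings += "Maximum password age: $maxDays days (baseline 1..$($Baseline.MaxPasswordAgeDays))"
    }
    # A minimum age of zero lets a user cycle through the history at once
    # and return to the old password, which defeats password history.
    if ($Policy.MinPasswordAge.TotalDays -lt $Baseline.MinPasswordAgeDays) {
        $findings += "Minimum password age: $($Policy.MinPasswordAge.TotalDays) days (baseline >= $($Baseline.MinPasswordAgeDays))"
    }
    if ($Policy.MinPasswordLength -lt $Baseline.MinPasswordLength) {
        $findings += "Minimum password length: $($Policy.MinPasswordLength) (baseline >= $($Baseline.MinPasswordLength))"
    }
    if (-not $Policy.ComplexityEnabled) {
        $findings += "Complexity requirements are disabled"
    }
    return $findings
}

# Constructed sample policy so the check runs without a domain.
$sample = [pscustomobject]@{
    PasswordHistoryCount = 5
    MaxPasswordAge       = [timespan]::FromDays(0)
    MinPasswordAge       = [timespan]::FromDays(0)
    MinPasswordLength    = 6
    ComplexityEnabled    = $false
}
Test-PasswordPolicy -Policy $sample

# On a domain-joined host with the ActiveDirectory module installed:
# Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy)
```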
Requirements
• Credentials: You must be logged on as a member of
the Domain Admins group.
• To implement Group Policy on computer systems
that belong to an Active Directory domain:
◦ Click Start,
◦ Click Control Panel,
◦ Double-click Administrative Tools,
◦ Then double-click Group Policy Management.
◦ Right-click the root container for the domain:
◦ Right-click the GPO, then click Edit.
Implementing group policy settings
• Individual GPOs can be linked to multiple sites, domains, and
Organizational Units in Active Directory as required.
• GPOs are inherited down the Organizational Unit hierarchy by
default.
• A number of things can slow down processing on a client,
including attempting to process many policies one after the
other. Use of loopback, especially in merge mode, can
significantly impact this. Attempting to apply GPOs across
domains can also lead to slowdowns depending on the network
speed between the domains.
• When policies are to be applied to a client, the system identifies
the entire list of policies to be applied before actually applying
them in order.
• Finally, both user profiles and policies can be applied across a
slow link, but the speed that the system uses to determine
whether a link is slow is configurable by the administrator within
an individual GPO.
CONCLUSION
In conclusion, this presentation shows the
effectiveness of an organization security policy
system in ensuring CIA.
This policy is not meant to replace physical
security policies; rather, it is meant to support them.
RECOMMENDATION
• Government
• Financial institutions
• Military
• Hospitals
• Other Business Organizations

Domain wide organisation policy
