conference security

Using group policy to control malware

Before the session, I talked to a guy who uses his iPad to manage a lab – insight teacher’s Assistant. Worth a look for our PCC lab.
The presentation started with handouts with the step-by-step directions to restrict software in Group Policy. Beth gave an overview of group policy (which we don’t use enough) and the Group Policy Management Console. She continued with policy precedence. Local to site to domain to org unit. Whitelist or blacklist? Whitelist by directory is coming up. Not a bad idea for the PCC. Computer or user? Hash or software path?
Best practices – if a user can write to a dir, apps shouldn’t run from that dir. If an app can run from a dir, users shouldn’t be able to write to it. Users are local users, not admins. Tips on installing and updating adobe and flash (win update elevates and doesn’t need help). Look for custom install kits. Tips for using virtual machines for gp testing – put the vm in the correct org unit and apply just to that machine until you are happy, then elevate the policy to the whole ou (organizational unit).
Apps usually run from program files, startup folder, windows. Allow windows folder, disallow cmd and regedit – etc – to give more flexibility.
Demos of group policies being applied.
Turn off auto run and push a local hosts policy – if you do nothing else…
Reg entry to turn off IPv6 – might be available through GP. Or cmd line it as a login script through GP. Set the GP to disallow using proxy settings – helpful!! provides a regularly updated host file that helps to keep staff from malware sites.
Create a folder and share on the server, download host file from Mbps, create GPO – disable DNS client service (in XP) then deploy – TEST.

Leave a Reply

Your email address will not be published. Required fields are marked *

Relation Browser
0 Recommended Articles:
0 Recommended Articles: