DOMAIN WIDE ORGANISATION POLICY

PRESENTEDBY

EMMANUEL AKPEOKHAI

Firstly, let’s define Organisation Policy A policy is a course of action or guidelines to be followed in an organisation.Security policy is an organisations first line of defence to start with.

DOMAIN WIDE ORGANISATION POLICY

Active Directory Active Directory Domain Services is Microsoft's

Directory Server. It provides authentication and authorization mechanisms it uses LDAP, KERBEROS & DNS

Concepts of An Organisation Policy

Access Control ListACL is a list of permission assigned to an object. The ACL is a list of each object and user access privileges such as read, write or execute.

Domain and a Forest A domain is a management/administrative

boundary. Domains are part of a forest. The first domain in a forest is known as the forest root domain.

forest is a security boundary

A DC does authentication or authorization. In most cases, a Domain Controller will hold a copy of the global catalogue.

A Global catalogue (GC) is a partial set of objects in all domains in a forest. It is directly searchable.

Domain Controllers and Global Catalogues

Group policyGroup Policy is an administrative tool for managing user settings and computer settings across a network.

It is an important administrative tool in implementing an organisation policy.

Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory service containers: sites, domains, or organizational units (OUs).

Group Policy Management

All policies should be applied quickly, so that users do not feel a significant impact by their processing.

All policies should be as easy as possible to administer and maintain.

Documentation is very important

Combating Slowdown Due To Gpos if you apply too many policies, there will be a

system slowdown. But there are no good guidelines for how many

policies to apply. 

Guidelines for Designing GPOs

GPOs apply only to sites, domains, and Organizational Units.

A single GPO can be linked to multiple locations in the tree.

GPOs by default affect all of the users and computers in a container.

How GPOs Are Used in Active Directory

1) Centrally Maintain – the settings only need to be configured in active directory and it can apply for whole network without configuring individual PC2) Prevent users from changing sensitive settings –like firewall, antivirus and proxy settings. 3) Rules can be applied for users or Computers – user rules will apply for any pc he login in network.4)    Users will not be able to bypass the rules or edit them – without permissions users will find it difficult to change these policies in user level. Its hard to bypass as well. So its more secure. 5)    No changes needed if new users or computers are added 6) security measures are put in place

Reasons why we should go with group policies.

Identifying Settings Related to Password Policies

Enforce password history determines the number of unique new passwords a user must use before an old password can be reused.

Maximum password age determines how many days a password can be used before the user is required to change it.

Minimum password ageMinimum password length determines how short

passwords can be.Passwords must meet complexity requirements

The password is at least six characters long.:English uppercase characters (A - Z)English lowercase characters (a - z)Base 10 digits (0 - 9)Non-alphanumeric (For example: !, $, #, or %)

Requirements Credentials: You must be logged on as a member

of the Domain Admins group. To implement Group policy on computer

systems that belong to an Active Directory domain

◦ Click Start,

◦ Click Control Panel,

◦ Double-click Administrative Tools,

◦ Then Double-click GROUP policy management.

◦ Right-click the root container for the domain:

◦ Right click the GPO then click on EDIT

How to start a group policy editor

Implementing group policy settings

Individual GPOs can be linked to multiple sites, domains, and Organizational Units in Active Directory as required.

GPOs are inherited down the Organizational Unit hierarchy by default.

A number of things can slow down processing on a client, including attempting to process many policies one after the other. Use of loopback, especially in merge mode, can significantly impact this. Attempting to apply GPOs across domains can also lead to slowdowns depending on the network speed between the domains.

When policies are to be applied to a client, the system identifies the entire list of policies to be applied before actually applying them in order.

Finally, both user profiles and policies can be applied across a slow link, but the speed that the system uses to determine whether a link is slow is configurable by the administrator within an individual GPO.

Summary of Policy Options

CONCLUSION In conclusion, this presentation is to display the

effectiveness of An organization security policy system in ensuring CIA ,

This policy is not meant to replace physical security policies Rather it is meant to support it.

RECOMMENDATION Government Financial institutions Military Hospitals Other Business Organizations