Active Directory GPO Practical Examples

Fonts Distribution
———————————
A. Create an SMB share on an Intranet accessible directory \\SOFTWARE\FONTS\Kim-Connect.ttf
B. Create a new GPO named “Fonts-Distribution”
– Scope: Authenticated Users (which includes Domain Users and Domain Computers)
– Links: Computers OU, and any other OU to distribute these fonts
C. Edit the GPO by following these procedures:

Right-click the “Fonts-Distribution” GPO > Edit > Navigate to User Configuration > Preferences > Windows Settings > right-click Files > New > File > set Source file(s) = \\SOFTWARE\FONTS\Kim-Connect.ttf > set Destination File = C:\Windows\Fonts\Kim-Connect.ttf > Click OK

Navigate to User Configuration > Preferences > Windows Settings > right-click Registry > New > set these values
– Hive: HKEY_LOCAL_MACHINE
– Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts
– Value Name: Kim Connect
– Value type: REG_SZ
– Value data: Kim-Connect.ttf
– Click OK when done

Computer Access Policy – Logon Banner
———————————
Create a GPO named “Computer Access Policy – Logon Banner” > Apply it to the appropriate OUs > Edit GPO > navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Interactive Logon > Edit these 2 Settings:
– Interactive logon: Message text for users attempting to log on = This computer is a property of Kim Connect, LLC. The use of this system is restricted to authorized personnel only. All activities on these systems are subject to monitoring and security audits. Be advised that this warning is not an invitation for any unapproved pen testing. Unauthorized access, use, or modification of this computer system or the data contained herein or in transit to/from this system may subject you to criminal prosecution. Employees who act contrary to company policy are subject to disciplinary actions, including termination. Click OK to acknowledge that you have read and understand the above terms and conditions.
– Interactive logon: Message title for users attempting to log on = Computer Access Policy

Computer Configuration > Policies > Administrative Templates > System > Group Policy > double-click Configure User Group Policy loopback processing mode > Select Enabled > select a loopback processing mode = Merge > OK

Enable RDP
———————————
Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Hosts > Connections > Allow users to connect remotely by using Remote Desktop Services = Enabled > Remote Session Environment > Enforce Removal of Remote Desktop Wallpaper = Enabled

Leave a Reply

Your email address will not be published. Required fields are marked *