1.

Group Policy Folder Redirection Scenario: All users at the Dublin office use Roaming Profiles, that is, when they log on and off at different machines their profiles go with them. The manager is now reporting that the log on and off of users has become an extremely slow process and needs something done to speed up the process.

Solution:

Currently at the Dublin office, the roaming profiles in place are allowing the users to bring their My Documents Folder with them when their profile roams to another machine, effectively the My Documents Folder of each user contains large numbers of files and folders which needs to be downloaded and uploaded every time the user logs on and off each machine, slowing the system down. Putting in place a Folder Redirection Policy this will redirect the My Documents Folder to a specified network path when the user logs on. When the user saves a document to the My Documents folder, the folder they will see, will be the My Documents folder located in their home folder.

Path to Policy: Administrative Templates\Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions

2. Event Log Security Policy local guests accessing system log Scenario: There is a public access computer at reception of all our branches for visiting people to collect their email etc. We want to keep this computer in the reception areas but in future prohibit access to the logs and sensitive information.

Solution:

Putting in place an Event Log Security Policy will prevent guest users from accessing the System Log and will restrict access to system files and sensitive information on the intranet.

Path to Policy: Group Policy Object\Computer Config\Windows Settings\Security Settings\Event Log NOT SURE OF THIS ONE???

3. Code Signing for Device Driver Policy

Scenario:

A user was trying to install a device driver for a desktop printer receives a warning message informing him that the device driver he is about to install is not digitally signed. The manager is enquiring whether or not they should proceed with the installation or stop. Investigation into the configuration of this policy revealed that the users are currently permitted to install signed and unsigned device drivers at their own discretion and they get the pop up warning message with the options to proceed or stop the installation. Modifying the Code Signing for Device Driver Policy from Warn to Block will direct the system to refuse to installation of unsigned files. As a result, the installation will stop, and none of the files in the driver package are installed.

Solution:

Path to Policy:

4. Account Lockout Policy Scenario: One of the employees at the Dublin branch has been out sick, and the manager has discovered that a colleague has been able to log into the absent users profile. Asked about how he got access to the password, the colleague informed the manager that he simply tried all players on his colleagues favourite soccer team as the password until he found the correct one. An Account lockout Policy has been put in place. This policy will disable a user account if an incorrect password is entered a specified number of times over a specified period. These policy settings prevent attackers from guessing users' passwords, and they decrease the likelihood of successful attacks on the network.

Solution:

5. Disable Autoplay Policy Scenario: The Manager has noticed that users are loading their own software onto workstations, and is concerned about security threats to the network and also time wasting. The manager understands that all required software and drivers etc., is installed on the intranet and there should be no need for users to physically load software etc. Solution: The Administrators have decided to implement the Disable Autoplay Policy. By default, Autoplay is disabled on removable drives, such as the floppy disk drive (but not the CD-Rom), and on network drives. Enabling the policy will allow the administrator to disable autoplay on All drives including the CD-Rom.

Path to Policy How to use Group Policy settings to disable all Autorun features in Windows Server 2003, Windows XP Professional, and Windows 2000 1. Click Start, click Run, typeGpedit.msc in the Open box, and then click OK. 2. Under Computer Configuration, expand Administrative Templates, and then click System. 3. In the Settings pane, right-click Turn off Autoplay, and then click Properties. Note In Windows 2000, the policy setting is named Disable Autoplay. 4. Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives. 5. Click OK to close the Turn off Autoplay Properties dialog box. 6. Restart the computer.

6. Hide Properties Pages Policy Scenario: Managers have reported problems with users only being able to view their excel files, and not being able to edit or save new data to excel files. Upon investigation, the administrators have discovered that user had access to the properties option of processes while in the Task Manager. To solve this problem they will implement a group policy to Hide Properties Pages in the Task manager. This means when a user goes into the Task manager and selects excel for example from the process list, right clicks, they will no longer see the Properties option and therefore will not be able to make any changes to Permission options etc.

Solution:

Path to Policy: Group Policy, at Computer Configuration\Administrative Templates\Windows Components\Task Scheduler, and User Configuration\Administrative Templates\Windows Components\Task Scheduler

7. Do Not move deleted files to Recycle Bin Policy Scenario: Manager has reported that users are complaining that when they have deleted unwanted files and folders from their system they have to delete them from Windows Explorer and then go into Recycle Bin and delete the files from there. It is time consuming and twice the work. Administrator have put in place a Do not move deleted files to Recycle Bin Policy. When a file or folder is deleted in Windows Explorer, a copy of the file or folder is placed in the Recycle Bin. Enabling this policy, files and folders that are deleted using Windows Explorer will not be placed in the Recycle Bin and will therefore be permanently deleted

Solution:

Path to Policy: Administrative Templates\Windows Components\Windows Explorer

8. Remove Mapped Network Drive Scenario: In one of our branches, Accounts are mapped to drive C and Sales are mapped To drive D. Accounts have read/write access to drive C but Sales only have read access to Drive D. At some point a user in Sales re mapped drive D to G So now Sales can no longer view the data stored on drive D The Administrator re mapped the correct drive letters and has implemented a Remove Mapped Network Drive policy. This will remove the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in Explorer and My Network Places.

Solution:

Path to Policy User Configuration\Administrative Templates\Windows Components\Windows Explorer Remove "Map Network Drive" and "Disconnect Network Drive".

9. File Protection Scanning Policy Scenario: Manager has reported to the administrator that the users in the Dublin Office have all complained of extremely slow startup process of their Computers, but once they have started up they run very efficiently. The Administrator has agreed to amend the current File Protection Scanning Policy. This policy determines when and how Windows File Protection scans all system files for any changes. The current policy was enabled and the Scanning Frequency box was checked for default which is scanning during each startup which is considerably delaying each startup. The administrator will change this setting to do not scan during startup

Solution:

Path to Policy Computer Configuration\Administrative Templates\System\Windows File Protection

10. Automatic Updates Policy

Scenario