Assignment
Steps for creating a password in GPO
To safeguard user accounts in the Active Directory Domain, it is important to create and execute a domain password that offers adequate intricacy and a password length and the regularity of adjusting the user and service account passwords. Therefore, it becomes difficult for a hacker to infiltrate passwords of users utilizing the brute-force attack, or capturing passwords when sent over a network (Moskowitz, 2015). Therefore, in order to set general prerequisites for user passwords in Active Directory domain, the group policy settings (GPO) are utilized. Notably, the domain user accounts’ password is configured in the Default Domain Policy.
There are several steps that can thus be taken in the creation of a password in GPO and they are described as below:
1. Open the group policy management console (gpmc.msc) so as o configure the AD account password policy
2. Domains are then expanded, and after finding the GPO known as Default Domain Policy, right-click on it and choose edit
3. Then navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy. This is the GPO section where password policies are situated (Moskowitz, 2015)
4. A policy setting is then double-clicked so as to edit it. To allow a certain policy setting, one can check the Define this policy settings and indicate the needed value
5. The new configurations of password policy will be applied to all domain computers in the background in about ninety minutes when the computer boots or the policy can be applied instantly through the running of the gpupdate /force command (Moskowitz, 2015)
How to access GPO
A variety of approaches can be used to access a GPO. In accessing GPO the following steps can be applied:
1. One clicks Start > Programs > Administrative Tools > Active Directory Users and Computers. This leads to the display of the Active Directory Users and Computers page
2. One then right-clicks on the suitable organizational unit in the navigation tree; this is followed by clicking on properties. The chosen organizational unit page is then displayed
3. Click Group Policy, then click open
The followings steps can also be applied:
1. Open the Control Panel situated on the Start Menu
2. Click the icon of Windows on the Toolbar; the widget icon for Settings is then clicked on
3. One then types ‘group policy’ or gpedit and the option ‘Edit Group Policy’ is clicked on
The following steps can be applied as well:
1. Choose the GPO situated in the Group Policy Management Console and then click on the advanced button
2. Choose the “Authenticated Users” security option group and then move down to the “Apply Group Policy” permission; the “Allow” security setting should be un-ticked. It is important to note that the “Allow” permission for “Read” still requires to remain ticked since it averts “inaccessible” error messages
3. Then click on the “Add” button and choose the group you want this policy to apply and hence access the GPO
How to know what to add and not add
It is important to note that when it comes to accessing GPO, one should never eliminate “Authenticated Users” directory from the Security Filtering section on the GPO. This is because it can cause “inaccessible” error messages on GPOs in the Group Policy Management Console for any person who is not a Domain Administrator. This occurs since one has gotten rid of the user’s ability to read contents GPO; however, this does not indicate the policy will be applied to that user.
Reference
Moskowitz, J. (2015). Group policy: Fundamentals, security, and the managed desktop. John Wiley & Sons.
