Group Polices

1. What role does Group Policy play in Windows Active Directory?

   • Group policies facilitate control over the IT working environment for any size group of people based on roles, functions, geography or whatever other parameters are appropriate.

2. Name and describe different ways GPOs can benefit security.

   • Password control: organizations can set length and complexity requirements for passwords to prevent users from utilizing weak, easy to crack passwords.
   • Security hardening: policies can prevent users from intentionally or accidentally changing settings that can create security gaps or accessing malicious sites and downloads
   • Data protection: GPOs can allow or restrict access to sensitive data within the organization such as not allowing everyone to access HR files with PII
   • Task automation: certain processes like software security updates can be automated rather than depending on individual users to keep things secure

3. How can the acronym “LSDOU” help you figure out which policies are in effect?

   • LSDOU refers to the order in which GPOs are processed: local, site, domain, organizational unit. Conflicts between policies defer to the later applications. So, domain or OU policies will override locally or site-made policies. This allows higher systems administrators to push rules that cannot be overridden lower down. When troubleshooting a policy violation, admins should check to see if the correct policy was in place at the OU level, then domain and work downward. If the policy is found to be insufficient, or missing, consideration should be taken to what level is most appropriate.

Source:Lepide