What's a GPO?
What is a policy that applies settings to a group of somehow related objects
NO
This filter queries a Microsoft database on the local machine to determine if the specified criteria match and if it should apply the policy.
WMI Filter
You have recently been hired at Rome as a tier 4 engineer (good luck). Your first project is to modify the bad password count threshold. How do you modify it and why?
Group Consensus on the best answer
Which of the following are local GPOs on a Windows 10 computer? (Choose all that apply.)
a. Local Administrators
b. Local Default User
c. Local Default Domain
d. Local Non-Administrators
a. Local Administrators
d. Local Non-Administrators
What is the linking order for GPOs?
Local, Site, Domain, OU
When you have the same setting being applied with different policies, which policy will actually stick/apply?
The highest setting in the linking order/enforced policies
What kind of filter searches Active Directory and determines if a policy should apply?
Security filter
You want to leverage a script inside a GPO. What is a central store you can put it in?
SYSVOL/Netlogon (how do you put it there so the GPO can find it?)
Which of the following are true about GPOs? (Choose all that apply.)
a. Local Policies override domain GPOs.
b. Domain GPOs are stored on member servers.
c. Domain GPOs can be linked to Active Directory sites.
d. The gpedit.msc tool can be used to edit local GPOs.
c. Domain GPOs can be linked to Active Directory sites.
d. The gpedit.msc tool can be used to edit local policies.
These apply at startup
Machine Policies
Explain how Blocked Inheritance works (where is it applied, and what can it do)?
It is applied to an OU and then will block all non-enforced policies from being applied if they are not directly linked to the specified OU.
When is a good time to use WMI filters?
When it is a policy that is dependent on hardware/software versions/types on the computer.
The Cyber team comes to you with a ridiculous request (standard ops) to log into every system and stuff a service account into the local administrators group. Is there a better way, and how would you do it?
Group consensus
Where is a GPT stored?
a. In a folder named the same as the GPO in the SYSVOL share
b. In a folder named the same as the GUID of the GPO in Active Directory
c. In a folder named the same as the GUID of the GPO in the SYSVOL share
d. In a folder named the same as the GPO in Active Directory
c. In a folder named the same as the GUID of the GPO in the SYSVOL share
These apply at logon
User Policies
What does it mean to enforce a GPO?
It will apply to all systems that it covers regardless of blocked inheritance
When is a good time to use security filters?
There is a new SQL STIG that has been released and needs to be applied to all SQL 2020 boxes. What is the best way to get that STIG to apply?
Use a WMI filter for the software version type, or put all systems running SQL 2020 into their own sub-OU and link it.
You're having replication problems with your GPOs and suspect that the version numbers have somehow gotten out of sync between the GPT and the GPC. What can you do to verify the version numbers on a GPO?
a. Check the versionNumber attribute of the GPC and open the GPT.ini file.
b. Check the versionNumber attribute of the GPT and open the GPC.ini file
c. Right-click the GPO in the Group Policy Management console, click Properties, and view the version in the General tab
d. Right-click the GPO in the Group Policy Management Editor, click Properties, and view the version in the General tab
a. Check the versionNumber attribute of the GPC and open the GPT.ini file.
What two things make up a GPO and where are they stored?
Group Policy Container (GPC), stored in AD
Group Policy Template (GPT), stored in SYSVOL
What kind of policies should be enforced?
Your default domain policy and security/system hardening policies
What is a consideration when deciding to create a WMI-filtered policy?
The amount of time it will take to apply said policy. It will slow down logon/startup.
There is a new intermediate certificate being brought on to the domain.
It can be added to the Active Directory Certificate store, it can be stuffed onto all systems with a GPO, or it can be pushed out via script.
You have configured a policy setting in the User Configuration node of a domain GPO and linked the GPO to OU-X. Later, you discover that you linked it to the wrong OU, so you unlink it from OU-X and link it to OU-Y, which is correct. A few days later, you find that users in OU-X still have the policy setting applied to their accounts. What's the most likely cause of the problem?
a. Group policy settings haven't been refreshed.
b. The policy setting is unmanaged.
c. Users in OU-X have an item-level target filter configured.
d. The GPO is disabled.
b. The policy setting is unmanaged.