If you ask any IT professional, they would agree that security is a very critical component to how their infrastructure is configured. Every different aspect of your infrastructure can be secured, but its understanding on how to properly secure each layer that will ultimately guarantee you from someone infiltrating your infrastructure. Along with security every IT professional moves on and looks for ways to be more efficient, how do you automate tasks or take away the every day cumbersome tasks no one wants to touch. Today we look at Microsoft Windows and securing the operating system layer, by utilizing Active directory and using group policies to secure your network. I think the biggest thing i take away from working with clients is that they don't understand the power of using group policies and how more efficient they can be with implementing group policies. So why join a domain? What will be my benefit? Well there may be different motivators that will drive your decision to implement or join a Microsoft Windows Active directory domain. It could be driven by your management or business and the need to protect critical highly sensitive data. For smaller businesses it could be that your IT admin is the only one understanding how critical it is to protect your data, whatever the reason , it is important to know that Active Directory domains make you more secure. Think about this scenario, you work for a small business with 2 different locations, and lets say they employ about 65 people, so that would include 75+ systems including all the servers running your critical applications. As an IT administrator it would not be efficient to daily manage all the systems in a individual manner, that means i would have to literally drive to the remote office and log on to each computer individually and secure the operating system down. Something as simple as a new employee starting would have to include you creating a local user account on the PC, set his password expiration policy, lock down software installation rights, access to the control panel, turning on the firewall with all the needed exceptions or installing all the needed software for him to do his job. Whatever your security standards state, you would spend the time doing this over and over. As a small business the last thing management wants to do is spend more money on another technical resource and as an IT professional you have better things to be focusing on. That's where the power of group policies come into play, Active directory allows all your systems to be managed centrally, not only managed centrally, but with group policies you can make your system that much more secure and make your staff more efficient. With group policy you create and define policies once, set my password expiration policy, enable my firewall with the proper exceptions or even have the software installed automatically. When my new employee starts in the remote office i can have management run a simple double click on a file that will join the system to the domain and he is ready to get to work or if you have more efficient methods with imaging software that would automatically take care of it. I can be hands off, be efficient along with creating a secure layer. There are literally hundreds of different computer or user settings that you can configure through group policy, and probably the most unique feature is that it is a flexible tool. Group Policy design may be clearer by understanding your clients or company's need, SLAs, security, network and IT requirements. When you look at your infrastructure and your users needs you can meet them by utilizing Group Policies. By no means is something so complex and flexible easy to work with it can takes years of practice and trial and error to fully understand the capabilities of this technology, the design can take hours of planning and the environment must support it. Some of the concepts of the technology can be confusing and frustrating, so it is important to get good training or understanding before implementing any rules. After multiple years of experience in working with this technology i can still go into Group Policy and find out that it can do something for me automatically and make my life a lot easier. The best way to learn is to not be afraid to test out the capabilities of the software and to push the limits. Remember that Group Policies can make your life a lot easier but a good design and understanding will ultimately deem your success or failure. I haven't even scratched the surface on the technology and its further complex structure and capabilities. When something is so powerful its hard to explain in an article. Microsoft offers good documentation and training on Group Policy, i would recommend visiting their website and following their best practices. That is all for this article, see you next time.
http://www.microsoft.com/en-us/download/confirmation.aspx?id=22478
No comments:
Post a Comment