I thought this Information Week article did a good job of articulating the challenges of security compliance on Windows, and the use of Group Policy as the first line of defense here. Most folks have been using GP to lockdown their desktop systems for a while now, but the reality is that Group Policy is THE mechanism for managing security configuration if your targets are Windows desktops and servers. However, there are challenges that folks have to deal with, as the article points out. Knowing whether policy actually worked across your environment, especially for sensitive security configurations, is a tough problem to solve. Its one of the reasons that we have been working to release the Group Policy Compliance Agent, which is a new product that will run on your Windows servers and desktops, and will collect vital statistics about GP processing. Most importantly, the agent will be able to optionally validate that settings that are reported by Resultant Set of Policy (RSoP) have actually been made successfully in the system’s registry or security configuration. This will go a long way towards closing the loop between setting policy, and hoping that it has actually applied, let alone being able to prove it to your auditors!
Tags:
Group Policy Compliance, SDM Software
SEP
About the Author:
Darren Mar-Elia is CTO & Founder of SDM Software, Inc. Darren has over 25 years of IT and Software experience in the Microsoft technology area, including serving as a Director in Infrastructure at Charles Schwab, CTO of Windows Management Solutions at Quest Software, and Sr. Director of Product Engineering at DesktopStandard. He has been a Microsoft MVP in Group Policy technology for the last 6 years and has written and spoken on Active Directory, Group Policy and PowerShell topics frequently over the years. He maintains the popular Group Policy resource web site at www.gpoguy.com and has been a contributing editor for Windows IT Pro Magazine since 1997. He has written and contributed to twelve books on Windows. Darren also speaks frequently at conferences on Windows infrastructure topics.