Group Policy Object Editor   The Group Policy Object Editor is a tool that hosts MMC extension snap-ins that manage policy settings. All functionality is provided by extension snap-ins. Administrators manage policy settings using the Group Policy Obj…

用windows自带的GPO Editor编辑修改,然后利用注册表监控器regFromApp监视注册表的改动,就知道某个策略修改了注册表的哪个字段了. 下面是禁止U盘访问的例子:   #include <gpedit.h> #include <windows.h> #include <objbase.h> #include <comdef.h> #include <sstream> #include <iostream> int ma…

10 Common Problems Causing Group Policy To Not Apply Group Policy is a solid tool and is very stable. Microsoft has made constant improvements to it since Windows 2000. It allows for the configuration and deployment of pretty much anything in your Ac…

RDP setting group policy 1.Login to domain controller and go to Group Policy Management tool2.Click to Domain name and double click Group Policy Object3.Right click and new a GPO"RDP settings"4.Go to "Computer Configuration"->Polici…

一.Setting Home Page with Group Policy Preferences 1.Open the Group Policy Management Console and create a new GPO. 2.Browse to User Configuration -> Preferences -> Control Panel Settings -> Internet Settings. Right click and choose New -> Inte…

Overview In this article, I’ll talk about your options when it comes to managing Group Policy using PowerShell. To be sure, depending upon your needs, Group Policy is nearly a full citizen in the world of PowerShell-based management. I’ll talk about…

一.How to create a Group Policy Central Store You have downloaded or created your own Group Policy Administrative Templates, and would like them to be stored centrally, opposed to individually on each Domain Controller. Here’s how to create a Group Po…

I'm currently working on a new Windows Server 2012 and Windows 8 project. As part of that project is to implement new standarised security policies for both Windows Server 2012 and Windows 8, much like the Server 2008 and Windows 7 policies we use. T…

Three Steps Ahead Have you ever wished that you had three legs? Imagine how much faster you could run.  Today we are going to look at three steps to migrating GPOs between domains or forests with PowerShell.  Now that is fast! The Problem Have you ev…

Opening a file from a DFS domain share shows a security warning while openning from the server share directly doesn't. To solve this problem, add "*.domain.local" to intranet zone in internet options. To add the domain to the intranet zone autom…

参考:http://supportishere.com/how-to-apply-local-group-policy-settings-silently-using-the-importregpol-exe-and-apply_lgpo_delta-exe-utilities/ In many Organizations, the AD support team is separated from the team in charge of Imaging.  The AD team natu…

Due to IE10 published, I'll conclude the methods that how to add trust sites in to IE of the version before IE10. General, there are three methods to set trust sites to client machine by GPO from DC configured on windows 2003 or windows 2008. If the…

组策略介绍group policy 高效学习法,念念不忘,必有回响. 分享一个高效学习思维,潜意识思考.就是在您没有大量时间的情况下,学习十分钟. 然后离开去完成别的事情的时候,大脑潜意识中还会继续思考前面放下的事情. 但是,您一定要记得,再次回来继续学习,否则高效就前功尽弃. 什么是组策略? control of users and computers is centralized. 系统管理员集中控制网络上的用户和计算机. 可以配置桌面的设置,打印机和登录脚本. 组策略工作方式 管理员在ac…

总结与反思: GPP中管理员给域成员添加的账号信息存在xml,可以直接破解拿到账号密码. Windows Sever 2008 的组策略选项(GPP)是一个新引入的插件,方便管理员管理的同时也引入了安全问题 测试环境 windows7 普通域成员 windows2008 域控 首先部署GPP,这里我部署的策略是给域成员都添加一个test用户,密码为test123 添加一个本地用户 然后来到组策略管理 将domain computers 添加到验证组策略对象 然后到域成员win7这台机器上执行 g…

1 开机按F8,进入安全模式 2 进入系统之后运行注册表,定位到HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList下面,把这种很长的都先备份一下,然后删除.   3 重启即可.…

再次之前先讲一些知识点: 密码的难题 每台Windows主机有一个内置的Administrator账户以及相关联的密码.大多数组织机构为了安全,可能都会要求更改密码,虽然这种方法的效果并不尽如人意.标准的做法是利用组策略去批量设置工作站的本地Administrator密码.但是这样又会出现另一个问题,那就是所有的电脑都会有相同的本地Administrator密码.也就是说,如果获取了一个系统的Administrator认证凭据,黑客就可以获取他们所有机器的管理权限. 总结:在域中信息的搜集是相当…

最近因为一个监控相关的项目,深入研究了一下 windows 的 远程桌面的相关知识. 1. 如何让关闭了远程桌面连接的用户,对应的 session 立即退出 windows server. 大家使用 mstsc.exe 远程桌面登录windows server时,退出时,99.99%的人会直接关闭 mstsc.exe 窗口,而不会点击开始--->退出.导致的问题是,登录用户已经提出了,但是 query user 和 query session 时,发现退出的用户,在 windows server…

135端口:Microsoft在这个端口运行DCE RPC end-point mapper为它的DCOM服务.这与UNIX 111端口的功能很相似.使用DCOM和RPC的服务利用计算机上的end-point mapper注册它们的位置.远端客户连接到计算机时,它们查找end-point mapper找到服务的位置. 135端口主要用于使用RPC(Remote Procedure Call,远程过程调用)协议并提供DCOM(分布式组件对象模型)服务,通过RPC可以保证在一台计算机上运行的程序可以…

MSC It is the Microsoft Management Console Snap-in Control File, like services.msc, devmgmt.msc (Device Manager), they are system files. Windows open them using mmc.exe Microsoft Management Console. It is addition to the management console in Windows…

Disable access to Windows Update If this policy setting is enabled, all Windows Update features are removed. It blocks access to the Microsoft Update and Windows Update Web sites, and in Windows Vista will gray out the Check for updates option in the…

原文链接:https://www.cnblogs.com/JangoJing/p/6769759.html 1.https证书的分类 SSL证书没有所谓的"品质"和"等级"之分,只有三种不同的类型.SSL证书需要向国际公认的证书证书认证机构(简称CA,Certificate Authority)申请.CA机构颁发的证书有3种类型:域名型SSL证书(DV SSL):信任等级普通,只需验证网站的真实性便可颁发证书保护网站: 企业型SSL证书(OV SSL):信任等级强,…

Add the Log on as a service Right to an Account Updated: August 8, 2008 Applies To: Windows Server 2008 You can use this procedure to add the Log on as a service right to an account on your computer. Membership in the local Administrators group, or e…

一.  针对于未添加到域中的机器 cmd中执行gpedit.msc 打开Local Group Policy Editor查看password policy设置,修改对应的password policy 二. 针对于已经添加到域中的机器 cmd中执行gpedit.msc 打开Local Group Policy Editor查看password policy设置,各个设置变为灰色,不可编辑 此时,我们应该修改域策略 具体步骤如下: 1. run中运行gpmc.msc 2.依次打开“Forest”…

转自:https://support.microsoft.com/en-us/help/2696547/detect-enable-disable-smbv1-smbv2-smbv3-in-windows-and-windows-server Summary This article describes how to enable and disable Server Message Block (SMB) version 1 (SMBv1), SMB version 2 (SMBv2), an…

Configure Trusted Roots and Disallowed Certificates Updated: May 5, 2014 Applies To: Windows 8.1, Windows Server 2012 R2 The Windows Server 2012 R2, Windows Server 2012, Windows 8.1, and Windows 8 operating systems include an automatic update mechani…

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and require…

AppLocker can help you: Define rules based on file attributes that persist across app updates, such as the publisher name (derived from the digital signature), product name, file name, and file version. You can also create rules based on the file pat…

gateway / 网关 gateway account / 网关帐户 Gateway Service for NetWare / NetWare 网关服务 GDI objects / GDI 对象 Generic Application resource / 一般应用程序资源 Generic Service resource / 一般服务资源 global account / 全局帐户 global catalog / 全局编录 global group / 全局组 glue chasing …

 最近我们发布了一份<Windows网络安全白皮书>(单击此处下载),文中深入说明了客户可以如何利用该平台的本地功能,为他们的信息资产提供最好的保护. 由首席顾问Walter Myers撰写的这篇文章从这份白皮书展开,说明了如何在网络级别隔离虚拟网络中的虚拟机. 简介 应用程序隔离是企业环境中的一个重要问题,因为企业客户需要保护多种环境,防止这些环境被未授权或无关人员访问.这包括经典的前端和后端场景:特定后端网络或子网络中的虚拟机可能只允许根据 IP 地址白名单,让特定客户端或其他计算机连…

今天我们将向您展示如何使用我们最喜欢的工具之一Proc Mon,在您更改PC上的组策略设置时查看编辑的注册表项. 使用Proc Mon查看组策略对象修改的注册表设置 您要做的第一件事就是从Sys Internals网站获取Proc Mon的副本. 然后,您需要解压缩该文件夹并运行Procmon.exe文件. 当Proc Mon打开时,您需要添加如下条件: 进程名称是mmc.exe然后包含 然后单击"添加"按钮. 要仅获取更改的注册表项,我们需要添加另一个: 操作是RegSetValue…