The goal of this lab is to understand how Group Policy Objects and Password Settings Objects are enforced and used on a contextual and practical level. We also joined a client PC to our Domain and enforced these Policies on the client machine. We also played with how blocking inheritence of these objects interacts with the client machine to see which configurations work and which don 't.
Procedure:
Please check wiki for any and all configuration documentation. Below are usernames and passwords to log into each machine and service.
System or Service Username Password
RHEL(root) Root T3m9P@5s
RHEL Amanley lol92rofl
CentOS(root) Root lol92rofl
CentOS Amanley T3m9P@5s
OpsView Admin lol92rofl
Wiki Admin T3m9P@5s
Windwoes Administrator T3m9P@5s …show more content…
For example Password Settings Objects do not do anything to harden a system but will disallow users from creating a short or bad password. This would disable hackers immediate (relatively) entry into the system, but will not stop their attempts. These objects can also be applied on different levels such as domain, site, organizational unit. This would be useful for someone in an administrative position as they would have access to more sensitive information when compared to a peon within the company. You could then force administration to use stronger passwords which makes this sensitive information harder to get …show more content…
For example if someone in the “dip” (dip a wax model of a part into plaster to create a mold) department had an engineer log on to be able to use the computer because the other employee could not remember the standard Factory username and password we could deem that machine as a security risk as it had much more information available to employees that normally would never see anything of the sort. This is only one example of security auditing using Group Policy Objects.
Another example was that we would track any and all objects created within our local domain, during my time there, my controller only ever had user accounts created by me, but if someone got access to the administrator account I could tell what they had created, when and how. Being that no one could have accessed our network, I never saw this happen once, but was assured that it would