S 4.245 Basic settings for Windows Group Policy Objects

Initiation responsibility: IT Security Officer

Implementation responsibility: Administrator

The resources available in IT-Grundschutz include specifications for Windows XP and Windows Server 2003 containing security settings in the form of tables. They can serve as a basis for the security settings in a group policy. The suggested values are derived from the requirements in S 4.244 Secure configuration of Windows client operating systems and S 5.123 Securing network communication under Windows. Specifications for authorisations to be assigned can be found in S 4.247 Restrictive assignment of authorisations under Windows Vista and Windows 7 and in the Resources for IT-Grundschutz.

It is always necessary in any case to adapt the specified values to the local conditions. When creating the group policy concept, it is also necessary to distribute the individual values to different group policy objects and adapt them so they fulfil the intended purpose. This can result in different values for individual entries.

If the basic settings specified are adapted (and especially if they are weakened), then the changes must be checked for possible security-related effects.

Review questions:

• Have the basic settings for Windows Group Policy Objects been adapted to your requirements?
• Were the possible security-relevant effects resulting from weakening the basic settings of the Windows Group Policy Objects examined?