Group Policy includes security settings under "Computer Configuration, Windows Settings, Security Settings". You can complete the configuration of these settings by importing preconfigured security templates into policies.
Apply group policy
The following steps show how to apply Group Policy and how to add security groups to User Rights Assignment.
Apply Group Policy to Organizational Units or Domains
1. Click Start, click Administrative Tools, click Active Directory Users and Computers to open Active Directory Users and Computers.
2. Highlight the relevant domain or organizational unit, click the "Operations" menu, and select "Properties".
3. Select the "Group Policy" tab.
Note: Multiple policies can be applied per container. These strategies are processed in order from the bottom of the list upwards. If there is a conflict, the last applied policy will be preferred.
4. Click "New" to create a policy and give it a practical name, such as "Domain Policy".
Note: Click the Options button to configure the "Disable Override" setting. "Prohibited substitution" is configured for each individual policy, not for the entire container; "Blocked policy inheritance" is configured for the entire container. If the "Don't Override" and "Block Policy Inheritance" settings conflict, the "Don' Override" setting takes precedence. To configure "Block Policy Inheritance", select the check box in the OU property.
Group policies can be updated automatically, but to start the update process immediately, you can use the following GPUpdate command at the command prompt: GPUpdate /force
Add security group to User Rights Assignment
1. Click Start, click Administrative Tools, click Active Directory Users and Computers to open Active Directory Users and Computers.
2. Highlight the relevant OU (such as "Member Server"), click the "Operation" menu, and select "Properties".
3. Click the Group Policy tab, select the relevant policy (such as "Member Server Benchmark Policy", and then click Edit.
4. In the Group Policy Object Editor, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then highlight User Rights Assignment.
5. In the right pane, right-click the relevant user permissions.
6. Select the "Define these policy settings" check box and click "Add users and groups" to modify the list.
7. Click OK.
Import security templates into group policy
The following steps show how to import security templates to Group Policy.
Import security templates
1. Click Start, click Administrative Tools, click Active Directory Users and Computers to open Active Directory Users and Computers.
2. Highlight the relevant domain or OU, click the "Operations" menu, and select "Properties".
3. Select the "Group Policy" tab.
4. Highlight the relevant policies and click Edit.
5. Expand Computer Configuration, expand Windows Settings, and then highlight Security Settings.
6. Click the "Actions" menu and select "Import Policy".
7. Navigate to \Security Guide\Job Aids, select the relevant template, and click "Open".
8. In the Group Policy Object Editor, click the File menu and select Exit.
9. In the container properties, click OK.
Use "Security Configuration and Analysis"
The following steps show how to use Security Configuration and Analysis to import, analyze, and apply security templates.
Import security templates
1. Click Start, click Run. Type mmc in the Open text box, and then click OK.
2. In the Microsoft Management Console, click File and select Add/Remove snap-in.
3. Click Add to highlight Security Configuration and Analysis in the list.
4. Click Add, Close, and OK.
5. Highlight "Security Configuration and Analysis", click the "Operation" menu, and select "Open Database".
6. Type a new database name (such as Bastion Host) and click "Open".
7. In the "Import Template" interface, navigate to \Security Guide\Job Aids and select the relevant template. Click Open.
Analyze imported templates and compare them with the current settings
1. Highlight "Security Configuration and Analysis" in the Microsoft snap-in, click the "Actions" menu, and select "Analyze Computer Now".
2. Click OK to accept the default "Error log file path".
3. After completing the analysis, expand the node title to study the results.
Apply security templates
1. Highlight "Security Configuration and Analysis" in the Microsoft snap-in, click the "Operation" menu, and select "Configure Computer Now".
2. Click OK to accept the default "Error log file path".
3. In the Microsoft Management Console, click File, and then select Exit to close Security Configuration and Analysis.
Apply group policy
The following steps show how to apply Group Policy and how to add security groups to User Rights Assignment.
Apply Group Policy to Organizational Units or Domains
1. Click Start, click Administrative Tools, click Active Directory Users and Computers to open Active Directory Users and Computers.
2. Highlight the relevant domain or organizational unit, click the "Operations" menu, and select "Properties".
3. Select the "Group Policy" tab.
Note: Multiple policies can be applied per container. These strategies are processed in order from the bottom of the list upwards. If there is a conflict, the last applied policy will be preferred.
4. Click "New" to create a policy and give it a practical name, such as "Domain Policy".
Note: Click the Options button to configure the "Disable Override" setting. "Prohibited substitution" is configured for each individual policy, not for the entire container; "Blocked policy inheritance" is configured for the entire container. If the "Don't Override" and "Block Policy Inheritance" settings conflict, the "Don' Override" setting takes precedence. To configure "Block Policy Inheritance", select the check box in the OU property.
Group policies can be updated automatically, but to start the update process immediately, you can use the following GPUpdate command at the command prompt: GPUpdate /force
Add security group to User Rights Assignment
1. Click Start, click Administrative Tools, click Active Directory Users and Computers to open Active Directory Users and Computers.
2. Highlight the relevant OU (such as "Member Server"), click the "Operation" menu, and select "Properties".
3. Click the Group Policy tab, select the relevant policy (such as "Member Server Benchmark Policy", and then click Edit.
4. In the Group Policy Object Editor, expand Computer Configuration, expand Windows Settings, expand Security Settings, expand Local Policies, and then highlight User Rights Assignment.
5. In the right pane, right-click the relevant user permissions.
6. Select the "Define these policy settings" check box and click "Add users and groups" to modify the list.
7. Click OK.
Import security templates into group policy
The following steps show how to import security templates to Group Policy.
Import security templates
1. Click Start, click Administrative Tools, click Active Directory Users and Computers to open Active Directory Users and Computers.
2. Highlight the relevant domain or OU, click the "Operations" menu, and select "Properties".
3. Select the "Group Policy" tab.
4. Highlight the relevant policies and click Edit.
5. Expand Computer Configuration, expand Windows Settings, and then highlight Security Settings.
6. Click the "Actions" menu and select "Import Policy".
7. Navigate to \Security Guide\Job Aids, select the relevant template, and click "Open".
8. In the Group Policy Object Editor, click the File menu and select Exit.
9. In the container properties, click OK.
Use "Security Configuration and Analysis"
The following steps show how to use Security Configuration and Analysis to import, analyze, and apply security templates.
Import security templates
1. Click Start, click Run. Type mmc in the Open text box, and then click OK.
2. In the Microsoft Management Console, click File and select Add/Remove snap-in.
3. Click Add to highlight Security Configuration and Analysis in the list.
4. Click Add, Close, and OK.
5. Highlight "Security Configuration and Analysis", click the "Operation" menu, and select "Open Database".
6. Type a new database name (such as Bastion Host) and click "Open".
7. In the "Import Template" interface, navigate to \Security Guide\Job Aids and select the relevant template. Click Open.
Analyze imported templates and compare them with the current settings
1. Highlight "Security Configuration and Analysis" in the Microsoft snap-in, click the "Actions" menu, and select "Analyze Computer Now".
2. Click OK to accept the default "Error log file path".
3. After completing the analysis, expand the node title to study the results.
Apply security templates
1. Highlight "Security Configuration and Analysis" in the Microsoft snap-in, click the "Operation" menu, and select "Configure Computer Now".
2. Click OK to accept the default "Error log file path".
3. In the Microsoft Management Console, click File, and then select Exit to close Security Configuration and Analysis.