Securing the Seven
April 29, 2010 2:18 PM   Subscribe

Looking for good learning tools for Windows 7 security & policy in a corporate environment

I have been tasked with learning Windows 7, and configuring the new Group Policies and Scripting for it on our domain at work, as well as understanding security for it inside and out. I have a basic understanding of such things under XP, but I am not an expert (yet) - I am taking over for Win7 from the person who did this for XP, and is no longer with the company.

I've picked up "Microsoft Windows 7 Unleashed" in the Sam's series, but it's mostly for home setup, it looks like - nothing about joining it to a domain. Security assumes you're on a home network with guests on your wireless, rather than a corporate domain with policies enforcing security and corporate needs (IT administration, app deployment, running applications at elevated or depreciated security levels, etc.)

While some of the principles still apply, I need more in-depth knowledge of GPOs and Domain attributes for Windows 7 - my google-fu failed me on this the first time around. Can anyone recommend any good resources for picking this up, either online or as a book?

Thank you!
posted by GJSchaller to Computers & Internet (3 answers total) 1 user marked this as a favorite
 
There's not much out there yet. You won't have to re-learn much from XP, however. The main thing to do is ensure that your domain controllers have the latest GPO extensions from MS Update. But, if you already understand Windows XP GPO stuff then you can go get your hands dirty with Windows 7.
posted by Burhanistan at 2:32 PM on April 29, 2010


Nothing really changed security wise from xp . Microsofts resources are the best way to learn about the changes. Anyway everything that applies to xp applies to windows 7 except for UAC.
posted by majortom1981 at 4:55 PM on April 29, 2010


Look at your predessors group policies for XP. 7 isn't that much different and most of the rules are exactly the same. You can get the updated ADM files form technet.

What I think you should do is get a server 2003 or 2008 license and setup a test network. Install the group policy manager. Link a GP object to a group. Apply changes. See what they do on the client end.

The same rules apply:

LUA - make your users non-admins. Allow them rights to what they need from there.

IE - Lock it down. Disable ActiveX. Push out your own list of trust sites. Disable toolbar installs.

Firewall - set your exemptions via GP. Remember to leave yourself holes for remote desktop/assistance or remote registry if you use them.

UAC - dont disable this, regardless of the whining you hear.

Automatic updates - set it to use your WSUS. Set them to get updates daily, install at night, etc.
posted by damn dirty ape at 9:11 PM on April 29, 2010


« Older Can I get an apartment in Seattle if I'm in...   |   Food Subsidy Inverse of Food Pyramid Newer »
This thread is closed to new comments.