Group Policy Blog

Group Policy as Malware Delivery System

While the title to this post may sound a bit scary or ominous, the subject of this post is definitely real. A fellow IT guy whom I’ve known for many years alerted me to a situation he came across in an IT shop he was helping. Namely, the customer’s computers got infected with a ransomware virus, which … Read More.

Security Fun: Bloodhound, MS16-072 and GPO Discoverability

I had a chance to attend my first BlackHat/Defcon conference last week in Las Vegas. I also attended the very excellent BSides conference, happening concurrently. Besides being shaken to my core from the skills demonstrated during the week :-), I got a chance to see some excellent talks related to Windows security and some super … Read More.

MS16-072 – GP Permissions and an overview

Hello Group Policy fans enthusiasts happy people! Darren and I had a quick discussion about his script to remediate the problems created by applying MS16-072 and GP processing. Read Darren’s previous post for context but here is a recording of our discussion. Have a good day and happy troubleshooting! Kevin

Auditing Security Access Changes on Critical Windows Servers

Here’s the scenario: You’ve got some Windows servers that contain critical customer data–it might be customer records, or PCI (Payment Card Industry) data, or just a critical system on your network. You rightly use Group Policy Restricted Groups policy or similar, to control access to those servers. That Group Policy controls which users or groups … Read More.

Video on Group Policy Preference Password Remediation

Just a quick follow up to my previous post on Group Policy Preference password remediation–our very own Kevin Sullivan posted a great video walkthrough of the problem and our tool for remediating these passwords. Enjoy! Darren  

Remediating Group Policy Preference Passwords

A little over two weeks ago, the United States Computer Emergency Readiness Team (US-CERT) issued a bulletin calling for admins to take action on an old issue that I’ve covered extensively in the past. The issue relates to the fact that there are several areas within Group Policy Preference (GPP) that used to allow you to enter user … Read More.

“Secure by Default” and Hardening Your Windows Configurations

I had a good email conversation last week with someone on the PowerShell team at Microsoft, in the wake of the release of our Desired State Configuration CSE. The gist of his question was around how users could protect the configuration information held within the DSC documents that got deployed via Group Policy. He mentioned … Read More.

Understanding the JASBUG Vulnerability and Group Policy

Earlier this week, Microsoft released a couple of patches that addressed vulnerabilities in our good friend Group Policy. First, I will say that it’s relatively rare to see such vulnerabilities directly affect Group Policy function, like this one does. That’s a good thing. That said, this one, while not trivial to exploit, is relatively serious … Read More.

Disabling Print Screen through Group Policy

Recently someone asked if it was possible to disable the print screen functionality on their keyboard through Group Policy. My initial response was that I had never seen a policy setting to do this, and indeed I figured that you would need to do some low level trapping of keyboard commands to make this work. … Read More.

Using GP Preferences to protect against the zero-day shortcut vulnerability

Microsoft recently announced a new security vulnerability in Windows shortcuts that affects all versions of Windows since XP! It’s referenced here: http://support.microsoft.com/kb/2286198. This particular vulnerability takes advantage of the icon that appears in shortcut (.lnk and .pif) files on Windows. Within the article cited above, Microsoft provides a “FixIt” workaround for the problem that essentially … Read More.