There is a little aphorism that’s grown on me over time. It’s a simple mantra, which hopefully you can agree with:
If you don’t know Group Policy, you don’t know security.
That’s because Group Policy and security are so intrinsically linked. The weird part is that the Group Policy engine itself isn’t a security mechanism. The Group Policy engine is a settings delivery mechanism. What you’re delivering, the payload of “instructions,” could be security oriented.
But if you don’t understand the range of what you can do with Group Policy—either the engine itself or the security payloads it can deliver—then, as my aphorism goes, “You don’t know security.”
Not only are you setting configuration items (which will make you more secure), and not only are you setting security items (which will also make you more secure), but you also need to know the ins and outs of where Group Policy applies, who it applies to, and when that magic is going to happen.
But Group Policy is a big, big place, and we simply don’t have room to go over all the stuff you can do with Group Policy or even all the security stuff you can do with Group Policy. So I’m picking the most important things to show you in this chapter with the amount of room I have.
In this security chapter we’ve got an enormous amount to cover. Here’s the list: