What can we help you with?

Supercharged PAM

Combine the best of Session Management and Credential Management solutions at a new, incredible value!

Learn More Learn More

What is BeyondTrust?

Get a closer look inside the BeyondTrust identity & access security arsenal.

Learn More Learn More

Gartner Peer Insights

Find out how customers & analysts alike review BeyondTrust.

Learn More Learn More

Go Beyond Customer & Partner Conference

Our biggest customer conference of the year is happening in Miami and virtually on May 1-5, 2023.

Learn More Learn More

Watch Our Video

Find out more about our integrations.

Learn More Learn More

Leader in Intelligent Identity & Secure Access

Learn how BeyondTrust solutions protect companies from cyber threats.

Learn More Learn More

Group Policy is the primary mechanism within the Windows Operating System for managing security configuration. It generally does this in a scalable and reliable fashion.

It also provides an extensibility model such that third-party vendors can extend what security settings (or other settings) can be configured using Group Policy. In this whitepaper, we will cover the following areas related to Group Policy and security configuration management:

  • How Group Policy works to enforce security configuration on Windows servers and desktops
  • How you can configure security based on “best-practice” baselines
  • The benefits and challenges of using Group Policy as your security configuration tool
  • Learn how third-parties leverage and extend Group Policy to provide value-added security configuration features

Group Policy as a Security Configuration Tool

As you know, Group Policy, or related technologies, have been in Windows for a long time. The ability to push registry values that lockdown a user’s desktop (e.g. by hiding certain Explorer elements or configuring Internet Explorer restrictions) have been around since NT 4.

But the ability to manage Windows security configuration through Group Policy was first introduced in Windows 2000 when Group Policy itself became a reality.

Since then, the security configuration capabilities of Group Policy have grown with every new release of Windows. Most of the features related to security configuration in a Group Policy Object (GPO) are defined on a “per-computer” basis.

If you remember how Group Policy works, you can target GPOs at either computer objects or user objects in Active Directory. Thus most security policy is targeted at computer objects, and applies regardless of who is logged into a given computer. You’ll find most of the security-related policy settings within the Group Policy Editor namespace under Computer ConfigurationPoliciesWindows SettingsSecurity Settings, as shown in Figure 1.

Group Policy Configuration Tool