Designing Security Policy
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use GPMC to centralize the process of deploying and managing Group Policy–based security for servers running Windows 2000 Server and Windows Server 2003 and clients running Windows 2000 Professional and Windows XP Professional. Use Group Policy–based security policies to deploy and manage the following security areas:
Security settings. These settings are used to define values for various security-relevant operating system parameters, such as password policy, user rights assignment, audit policy, registry values, file and registry ACLs, and service startup modes.
IPSec policies. These policiesare used to configure IPSec services for authenticating or encrypting network traffic. An IPSec policy consists of a set of security rules, and each security rule consists of an IP filter with an action.
Software restriction policies. These policies are used to help protect computers from code that is not trusted by identifying and specifying which applications are permitted to run.
Wireless network policies. These policiesare used to configure settings for the Wireless Configuration Service, a user-mode service that operates on each of the IEEE 802.11 wireless network adapters that are installed on a computer.
Figure 4.2 Designing Security Policy
As with all Group Policy settings, you must fully test your implementation before you deploy your security settings to your production environment. For more information about Group Policy staging and testing, see "Staging Group Policy Deployments" in this book and "Designing a Test Environment" in Planning, Testing, and Piloting Deployment Projects of this kit.