This is an automated archive.
The original was posted on /r/cybersecurity by /u/QuestionFreak on 2023-08-28 14:58:32+00:00.
Has anyone implemented the following GPO in your infrastructure? If yes, could you please inform me if you took any backups before making the mentioned changes? Also, I'm concerned about potential issues with the domain controller.
Should I copy the ADMX files to one of the domain controllers, or can I copy them to any member server which I use to administer GPO settings for the domain using the Group Policy Management Console?
Could you advise on the best practices for rolling back these changes if needed?
Your assistance in this matter would be greatly appreciated.
Option 2: UAC Token-Filtering
An additional control that can be enforced via GPO pertains to the usage of local accounts for remote administration and connectivity via a network logon. If the full scope of permissions (referenced above) cannot be implemented in a short timeframe, consider applying the UAC token-filtering method to local accounts for network-based logons.
To leverage this configuration via a GPO setting:
Download the Security Compliance Toolkit () to utilize the “MS Security Guide” ADMX and ADML files.
Once downloaded, the "SecGuide.admx" and "SecGuide.adml" files must be copied to the “\Windows\PolicyDefinitions” and “\Windows\PolicyDefinitions\en-US” directories respectively.
If a Centralized GPO store is configured for the domain, copy the “PolicyDefinitions” folder to the “C:\Windows\SYSVOL\sysvol\Policies” folder.
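One way to stage the SecGuide ADMX/ADML files into the central store with a rollback point taken first, followed by a check of the resulting token-filtering state; this is an added example, not code from the original post or from the quoted guidance. It assumes RSAT (GroupPolicy and ActiveDirectory modules) on a domain-joined admin host, a hypothetical `$SctExtract` folder holding the unpacked Security Compliance Toolkit, a hypothetical `$BackupRoot`, and the standard central store path `\\<domain>\SYSVOL\<domain>\Policies\PolicyDefinitions`.

```powershell
# Added example: back up GPOs and the existing central store, stage the
# MS Security Guide ADMX/ADML files, then verify LocalAccountTokenFilterPolicy.
# $SctExtract and $BackupRoot are hypothetical paths; adjust for your environment.
param(
    [string]$SctExtract = 'C:\Temp\SCT',
    [string]$BackupRoot = 'C:\GPOBackups'
)
Import-Module GroupPolicy
Import-Module ActiveDirectory

$domain       = (Get-ADDomain).DNSRoot
$centralStore = "\\$domain\SYSVOL\$domain\Policies\PolicyDefinitions"
$backupDir    = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# 1. Rollback point: back up every GPO before changing anything.
Backup-GPO -All -Path $backupDir | Out-Null

# 2. Preserve the current central store so the ADMX set can be restored as-is.
if (Test-Path $centralStore) {
    Copy-Item $centralStore -Destination (Join-Path $backupDir 'PolicyDefinitions') -Recurse
}

# 3. Copy SecGuide.admx to the store root and SecGuide.adml to its en-US subfolder.
$admx = Get-ChildItem -Path $SctExtract -Recurse -Filter 'SecGuide.admx' | Select-Object -First 1
$adml = Get-ChildItem -Path $SctExtract -Recurse -Filter 'SecGuide.adml' |
        Where-Object { $_.Directory.Name -eq 'en-US' } | Select-Object -First 1
if (-not $admx -or -not $adml) { throw "SecGuide.admx/.adml not found under $SctExtract" }
New-Item -ItemType Directory -Path (Join-Path $centralStore 'en-US') -Force | Out-Null
Copy-Item $admx.FullName -Destination $centralStore -Force
Copy-Item $adml.FullName -Destination (Join-Path $centralStore 'en-US') -Force

# 4. After linking the GPO and running gpupdate, confirm the effective value:
#    LocalAccountTokenFilterPolicy absent or 0 = UAC token filtering enforced
#    for network logons (desired); 1 = local admins get a full token remotely.
function Get-TokenFilterState {
    param([string]$ComputerName = $env:COMPUTERNAME)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        $v = (Get-ItemProperty -Path $key -Name LocalAccountTokenFilterPolicy `
              -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
        [pscustomobject]@{ Computer = $env:COMPUTERNAME; Value = $v
                           FilteringEnforced = ($null -eq $v -or $v -eq 0) }
    }
}
Get-TokenFilterState

# Rollback: Restore-GPO -All -Path $backupDir, then copy the saved
# PolicyDefinitions folder back over $centralStore.
```

Changes to the central store only affect how settings are displayed in GPMC; the token-filtering behaviour itself only changes once the new policy setting is enabled in a linked GPO and clients refresh.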