These 10 Windows group policy settings will create stronger security

Configure these 10 group policy settings carefully, and enjoy better Windows security across the office

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

One of the most common methods to configure an office full of Microsoft Windows computers is with group policy. For the most part, group policies are settings pushed into a computer's registry to configure security settings and other operational behaviors. Group policies can be pushed down from Active Directory (actually, pulled down by the client) or configured locally.

I've been doing Windows computer security since 1990, so I've seen a lot of group policies. In my work with customers, I scrutinize each group policy setting within each group policy object. With Windows 8.1 and Windows Server 2012 R2, for example, there are more than 3,700 settings for the operating system alone.

I'll let you in on a little secret: I care about only 10 settings.

I'm not saying you should stop at these 10 since each properly configured group policy setting can reduce risk. But I am saying that 10 settings determine most of your risk -- everything else is gravy. When I start looking at a new group policy, the first thing I do is scan these 10 settings. If they're set correctly, I know the customer is doing the right thing and my job will be be easier.

Get these 10 settings right, and you'll go a long way toward making your Windows environment more secure. Each of these falls under the Computer Configuration\Windows Setting\Security Settings leaf.

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.