The Group Policy Management Console (GPMC) is installed by default on Windows Server 2008 domain controllers. In the GPMC there is a new feature called Starter GPOs. A Starter GPO can contain policy settings that are frequently included in new GPOs. An Administrator can create multiple Starter GPOs each with a different combination of settings. When creating a standard GPO, an Administrator can save time by selecting the appropriate Starter GPO instead of entering the settings individually.
A Starter GPO can serve as template for new GPOs or can be used to supply baseline security settings to lockdown desktops and servers. In the past Microsoft supplied security template files- such as SecureWS.inf for Windows XP- which could be imported into the Security node of a GPO. The settings in a template file could be tailored to protect a computer that served a particular role, such as Web Server or File Server or even a client computer such as Windows 7. Microsoft released a new generation of security templates for Windows7, Server 2008 R2 and previous versions of Windows on November 12, 2009 with the latest edition of its Security Compliance Management Toolkit Series. Included in the Toolkit are template files for Windows 7 as an Enterprise Client in an average network, and templates that are suitable for high security classified networks called Specialized Security – Limited Functionality (SSLF). These templates are very restrictive and will prevent many applications from functioning unless edited. These new templates can be imported into Starter GPOs in the GPMC. Any new GPO could be created with the security settings in a Starter and have the most current protection available.
Included in the Toolkit is a Whitepaper called Windows® 7 Security Guide which includes some of Microsoft’s latest thinking on security matters. The guide touches on application compatibility issues and makes reference to tools and utilities such as the Application Compatibility Toolkit that can resolve application issues. Digital Rights Management is also discussed, with recommendations for the use of the Active Directory Rights Management Server Role (AD RMS) to secure Office and media files.
If you are serious about securing your Window 2008/Vista/Windows 7 environment the Security Compliance Management Toolkit Series is an absolute must-have.
Get it at: