This lab demonstrates the practical application of Group Policy Objects (GPO) to secure a corporate network. I focused on "Least Privilege" principles and department-specific security scoping within a Windows Server 2022 environment.
- Granular Scoping: Created and linked the
GPO_Finance_Desktop_Lockdownpolicy specifically to the Finance Organizational Unit (OU) to ensure high-security restrictions didn't disrupt other departments. - System Hardening: - Command Prompt Restriction: Disabled access to
cmd.exeto prevent unauthorized script execution.- Control Panel Lockdown: Restricted access to system settings to maintain a standardized user environment.
- Task Manager Block: Prevented users from killing critical security processes or monitoring tools.
- Desktop Environment Control: Forced a uniform corporate wallpaper and restricted desktop icon modifications to ensure brand compliance and professional standards.
- Active Directory Domain Services (AD DS)
- Group Policy Management (GPMC)
- Security Compliance & Hardening
- Organizational Unit (OU) Management
- Troubleshooting (GPUpdate /force & Resultant Set of Policy)
The full lab report, including configuration screenshots and policy validation, is available below: