Hippa Windows XP lockdown policy through Windows 2003

Posted on 2009-12-16
Last Modified: 2013-11-15
I am currently involved in a large production project that involves about 300 computers in a medical environment where I need to strictly follow HIPPA regulations. I am currently running Windows 2003 Server Enterprise and I need a good group policy, or to find one, that will lock down the computers according to HIPPA regulations.

Any assistance would be greatly appreciated.
Question by:medtech1978
    LVL 27

    Accepted Solution

    I would go with what these folks advise;

    They do not play around when it comes to security. It would be great to know exactly what the HIPPA standards expect from your efforts.
    LVL 4

    Expert Comment

    Isn't it HIPAA (The Health Insurance Portability and Accountability Act) ?

    I think it would be well worth getting some endpoint protection software for this. Symantec End Point Protection is what we use to lock machines down, and it gives much greater control, monitoring and reporting than using group policies.

    Other software will help you achieve the same; I have not used them personally but have heard good things: McAfee ePO and Sophos Endpoint Security and Control.

    To be honest I doubt group policy on 2003/XP machines will be up to the job.
    LVL 27

    Expert Comment

    by:Jason Watkins
    A/V software on Windows XP is a given at this point. Any IT admin/manager that does not put A/V software on his/her Windows machines should be relieved of their duties. Group policy is incredibly effective in implementing a secure computing environment. For example, IPSec for clients and servers, which is done through GPO.
    LVL 4

    Expert Comment

    Not sure if the AV point was aimed at what I suggested or just thrown in, but endpoint protection software is not only AV. We use it to control which removable storage devices can be used and where, and to log the use of them (cannot be done via group policy in a 2003 domain).

    It controls which software is installed and allowed to run on which machines, again logging the running of the software (including parts of the OS). (This can be done using group policy, but it is a PITA to set up and manage.)

    It has location-based firewall rules, which are very handy for laptops (cannot be done via group policy in a 2003 domain).

    It also has host-based IDS, and fantastic reporting and compliance monitoring.

    HIPAA obviously requires you to ensure accountability for data, which means controlling which removable media can be used on specific machines and logging the use of it. I do not know of a way you can achieve this using group policy.

    Group policy is fantastic for certain things but I do not believe that you will achieve what you want to accomplish with GPOs.
