Local Group Policies - Best Practice

Posted on 2012-09-03
Last Modified: 2012-09-04
Hi there,

Can anyone help me with "Best Practice" for setting policies in the following areas on laptops within a domain. Bearing in mind they may be used outside the domain I want Domain policy to override Local when inside the network but obviously the Firewall needs to be turned on when used outside the Domain. Areas of concern:

Windows Firewall and Advanced Security
Network List Manager Policy
Public Key Policies
Software Restriction Policies
Application Control Policies
Advanced Audit Policy Configuration

Phew,! quite a list but any help would be appreciated.
    LVL 74

    Accepted Solution

    First I'm not sure if you are aware that Windows Firewall has TWO automatic settings, Domain and Standard.  Domain applies when the computer is attached to the domain network, and the Standard profile will be applied otherwise -- when the computer is elsewhere.
    The firewall should always be on, whether inside or outside.

    There is a good guide for this here:

    But it looks like you may want to first get a better overview of AD security, so take some time to read through this great article:


    Author Closing Comment

    Thanks old chap , thats just the sort of help I was looking for.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
    The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now