• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1037
  • Last Modified:

Local Group Policies - Best Practice

Hi there,

Can anyone help me with "Best Practice" for setting policies in the following areas on laptops within a domain. Bearing in mind they may be used outside the domain I want Domain policy to override Local when inside the network but obviously the Firewall needs to be turned on when used outside the Domain. Areas of concern:

Windows Firewall and Advanced Security
Network List Manager Policy
Public Key Policies
Software Restriction Policies
Application Control Policies
Advanced Audit Policy Configuration

Phew,! quite a list but any help would be appreciated.
1 Solution
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
First I'm not sure if you are aware that Windows Firewall has TWO automatic settings, Domain and Standard.  Domain applies when the computer is attached to the domain network, and the Standard profile will be applied otherwise -- when the computer is elsewhere.
The firewall should always be on, whether inside or outside.

There is a good guide for this here:

But it looks like you may want to first get a better overview of AD security, so take some time to read through this great article:

Obi_Want_Kanobeer---Extreme_JediAuthor Commented:
Thanks old chap , thats just the sort of help I was looking for.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now