GPO win 2016

Hi what is the best practice or template for a new domain gpo
LVL 1
wannabecraigAsked:
Who is Participating?
 
Peter HutchisonSenior Network Systems SpecialistCommented:
I suggest setting user password and lockout policies in the Default Domain Policy, ideally a longish password length and complexity enbabled.

For PC and Server access, I suggest using Restricted Groups to restrict administrator access to them to specific user groups besides Domain Admins.

Password best practise
https://technet.microsoft.com/en-us/library/ff741764.aspx

Securing Active Directory
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory
0
 
Peter HutchisonSenior Network Systems SpecialistCommented:
Is this for DCs, member servers, PCs or users?

Best practise depends on what you want to achieve. It differs for each organisation.
0
 
wannabecraigAuthor Commented:
I'm setting up a new domain and I want to use the best security practice possible so this will apply to all default policies.
This is just a basic setup in a office so I've assigned all recommended policies which would have been designed for srv 2003 or 2008
Is there anything specific in 2016 by which the security can be enhanced ?
0
 
wannabecraigAuthor Commented:
worked
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.