• Calendar
• A-Z Index

Find it

• About ITS
• Policies
• Feedback
• Search ITS
• ITS A-Z Index
• System Status

Group policy for Windows 2000/XP machines

This document describes the group policy that is set for all on campus computers configured to be in the Yale School of Medicine Windows Active Directory.

• Security Options
• Event Log
• Audit
• Software Update Services (SUS)
• Windows XP SP2

Security options

• Rename guest account – rename the built-in guest account.
• Allow system to be shut down without having to log on - set so the option to shut down the computer does not appear on the Windows log on screen.
• Additional restrictions for anonymous access – set to “Do not allow enumeration of SAM accounts and shares”. This replaces “Everyone” with “Authenticated Users” in the security permissions for resources.
• Windows Installer – set to start automatically

EventLog

• Maximum security log size – set the maximum log size to 5120KB (default 512KB)
• Retention Method for Security Log – as needed

Audit

• Audit account management – set to audit success and failures of account management. A user account or group is created, changed or deleted. A user account is renamed, disabled or enabled. A password is set or changed.
• Audit Logon Events – set to audit logon successes and failures of a user logging on, logging off, or making a network connection to this computer.
• Audit Object Access – set to audit failures of a user accessing an object which has it’s own system access control list specified.
• Audit Policy Change – set to audit success and failures of a change to user rights assignment policies, audit policies or trust policies
• Audit Privilege use – set to audit failures of a user exercising a user right.
• Audit System Events – set to audit success and failures when a user restarts or shuts down the computer; or an event has occurred that affects either the system security or the security log.

Software Update Services (SUS)

SUS enables desktop computers running Windows 2000 or higher, to automatically connect to a local ITS SUS server and receive updates. SUS enables ITS to quickly and reliably deploy critical updates in an automated fashion to Windows computers on the YSM network.

Windows XP SP2

Windows XP Service Pack 2 adds many new security features including a firewall and pop-up blocker. While tighter security is better, it does cause certain applications to break. We have made special rules for all Yale resources including Oracle financials, library resources such as Ovid and Symantec Antivirus.