Category: Microsoft

Microsoft Active Directory How to Create a Group Policy Central Store

Group Policy is used in Active Directory (AD) domain environments to centrally manage Windows Server and client configuration settings. By default, when using Group Policy management tools, like the Group Policy Management Console (GPMC), the Group Policy settings you see available are taken from a set of Group Policy template files found in the local %systemroot%\PolicyDefinitions folder.

Group Policy templates are language-neutral XML files with an .admx file extension. The descriptions for each policy setting are stored separately in .adml files. There is one .adml file for each language corresponding to the respective .admx Group Policy template. Bear in mind that .admx files are just templates and the actual settings applied to Windows are stored in registry.pol files. Before Windows Vista Service Pack 1, Group Policy templates used a different file format and file extension (.adm).

Some applications, like Google Chrome, Microsoft Office, and the new version of Microsoft Edge, come with their own Group Policy templates that you can download and add to PolicyDefinitions. But adding or modifying templates in the local PolicyDefinitions folder means that you will only see the new or changed settings in GPMC on the device where the Group Policy template was added or changed.

Create a central Group Policy store

So that all Group Policy administrators see the same settings in GPMC, regardless of which device they are using, you can create a PolicyDefinitions folder in your domain’s SYSVOL folder. This is sometimes referred to as a Group Policy central store. GPMC will then use this domain network location to retrieve templates instead of using the local PolicyDefinitions folder. SYSVOL, and any child folders, is automatically replicated to all domain controllers in your AD domain.

To create a PolicyDefinitions folder in your domain, log in to a domain controller as a domain administrator. Then create a folder called PolicyDefinitions in the Policies folder in the UNC path shown below. You will need to replace ad.contoso.com with the Fully Qualified Domain Name (FQDN) of your AD domain.

\\ad.contoso.com\SYSVOL\ad.contoso.com\Policies\

How to Create a Group Policy Central Store (Image Credit: Russell Smith)
How to Create a Group Policy Central Store (Image Credit: Russell Smith)

Adding Group Policy templates to the central store

Once the folder has been created as shown in the screenshot above, all that’s left to do is populate it with Group Policy templates and .adml language files. There are two ways you can do this. You can copy the contents of the C:\Windows\PolicyDefinitions folder on a Windows 8.1 or Windows 10 computer to the domain SYSVOL PolicyDefinitions folder.

Alternatively, Microsoft makes Group Policy templates, for each supported version of Windows and Windows Server, available on its website here. Download the contents of the required template CAB and copy the extracted files to the domain SYSVOL PolicyDefinitions folder.

How to Create a Group Policy Central Store (Image Credit: Russell Smith)
How to Create a Group Policy Central Store (Image Credit: Russell Smith)

Next time you open GPMC, it will check for a SYSVOL PolicyDefinitions folder. If it exists, it will use the templates from the domain folder instead of the local version of the templates. When you expand Administrative Templates in GPMC, you’ll see Policy definitions (ADMX files) retrieved from the central store written to the left if GPMC was able to detect a central store. If nothing additional is written, the templates are being retrieved from the PCs local store.

How to Create a Group Policy Central Store (Image Credit: Russell Smith)
How to Create a Group Policy Central Store (Image Credit: Russell Smith)

For more information on how to use GPMC to create Group Policy objects, see How to Create and Link a Group Policy Object in Active Directory on Petri.

There can only be one central Group Policy store

The central Group Policy store is a good idea in principle. But you can only have one central store, and you need to back it up and update it when Windows is patched or upgraded. If you are managing different versions of Windows in your environment, using one central Group Policy store can lead to issues. Especially now that there are so many supported versions of Windows 10 that you could potentially have in your environment at once.

In principle, Group Policy templates for the latest version of Windows are backwards compatible with previous versions of the operating system. But sometimes Microsoft changes Group Policy setting names and drops settings that might still be required in older versions of Windows. This can lead to errors parsing Group Policy on your systems if a central store is used.

To avoid this issue, you can dedicate a PC or virtual machine for the management of Group Policy for a specific version of Windows, without using a central Group Policy store. It might not be as convenient from a management perspective, but it does ensure separation of Group Policy templates for each version of Windows and that you are using the latest versions of the templates. And it is more likely to ensure that policy settings are applied as expected.

 

Source :
https://www.petri.com/how-to-create-a-group-policy-central-store

Spear-Phishing Attacks Targeting Office 365 Users, SaaS Applications

Over the course of the last 15 years, cyber threats have gone from urban myths and corporate ghost stories to as mainstream as carjackings and burglaries. There isn’t a business owner of a small restaurant chain or a CEO of a Fortune 500 company who doesn’t think about the fallout of being breached.

I’m not here to tell you how the threats are getting more sophisticated, or how state-sponsored hacker groups are getting more and more funding; you already know that. But what I do want to share with you is something that I’m seeing daily. Targeted threats that you may have already witnessed and, unfortunately, been personally a victim of or know someone who has: Spear-phishing.

Are you an Office 365 user? Do you have customers who are Office 365 users? Are you a managed security service provider (MSSP) that administrators Office 365 for your clients? You probably need a solution that applies effective Office 365 security capabilities and controls.

With close to 200 million global users, Office 365 is a target — a big target. And spear-phishing attempts are good. Really good. Recently, Forbes ran a summary of the threat. Alarmingly, today’s most advanced spear-phishing attempts look like they come from your CFO, boss or trusted vendor. They provide credibility to the target and, many times, users take the bait. Money gets wired. Access to accounts are provided. Confidential information is exposed.

Traditional email security isn’t enough protection. Out-of-the-box, cloud-native security services aren’t enough protection. A lean, effective and modern Office 365 security or SaaS security solution is required.

How to stop spear-phishing attacks, advanced cyber threats

SonicWall Cloud App Security (CAS) combines advanced security for Office 365, G Suite and other top SaaS applications to protect users and data within cloud applications, including email, messaging, file sharing and file storage. This approach delivers advanced threat protection against targeted email threats like phishing attacks, business email compromise, zero-day threats, data loss and account takeovers.

CAS also seamlessly integrates with sanctioned SaaS applications using native APIs. This helps organizations deploy email security and CASB functionalities that are critical to protecting the SaaS landscape and ensure consistent policies across cloud applications being used.

Explore the five key reasons CAS may be able to protect your organization from spear-phishing and other advanced attacks.

  • CAS delivers next-gen security for Office 365, protecting email, data and user credentials from advanced threats (including advanced phishing) while ensuring compliance in the cloud
  • Monitor SaaS accounts for IOCs, such data leakage, account takeover, business email compromise (BEC) and fraud attempts
  • Block malware propagation in malicious email attachments and files, whether they are at-rest or traversing a SaaS environment, internally or cloud-to-cloud
  • Prevent data breaches using machine learning and/or AI-based user profiling and behavior analytics for incident detections and automated responses
  • Leverage Shadow IT to monitor cloud usage in real time, and set policies to block unsanctioned applications

In my over 10 years of observing various attacks and sitting in rooms with customers (not mine, fortunately) who have been breached, I can tell you that you don’t want it ever to be you or your customers. This threat is having more success than any I’ve seen — and they are very recent.

For more information, contact a SonicWall cybersecurity expert or explore the CAS solution in detail.

 

Source :
https://blog.sonicwall.com/en-us/2020/01/spear-phishing-attacks-targeting-office-365-users-saas-applications/

How to increase maximum size Microsoft Outlook pst files and ost files

In Outlook 2003 and 2007 the maximum recommended size of a Unicode pst-file and ost-file has been limited to 20 gb

In Outlook 2010, 2013 and 2016, the maximum recommended limit has been set to 50 gb

you can increase the limit with Group Polices and Registry

Registry
Outlook 2003
HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\PST
Outlook 2007
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\PST
Outlook 2010
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\PST
Outlook 2013
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\PST
Outlook 2016
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\PST

create new DWORD with value MaxLargeFileSize
Don’t set this higher than 4294967295 (decimal) or ffffffff (hexadecimal)

Group Polices
User Configuration-> Administrative Templates-> Microsoft Outlook <version>-> Miscellaneous-> PST Settings