The File System, Active Directory, Real-Time Changes, and You


GPOs are a bit of a strange beast. They exist in two worlds – the file system and Active Directory – and they affect many more. Sort of like a platypus – a poisonous mammal that lays eggs and has a duck-bill, a beaver tail, and the feet of an otter – the GPO has the characteristics of both files and AD objects while affecting security, the registry, applications, and many other parts of your forest. And that makes it a tricky object to get a handle on.

The AD portion of the GPO tracks version information, and also where the GPO is applied in Active Directory. So it’s very important to keep track of the AD portion: changing where a GPO is applied is the same as adding or deleting its settings in your deployment.

The file portion of the GPO records all of the GPO’s settings. That is, all of the specifics about what a GPO affects, from password settings to rights assignments to application deployment, are stored in a series of files (multiple settings files per GPO is common) on the file system, in the SYSVOL folder of each domain controller. Tracking this is just as important as the AD portion, if not more so, and you don’t have a functional GPO without both.
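The two halves described above can be checked against each other. The following added example (not from the original post and not StealthINTERCEPT code) parses the AD attributes `versionNumber` and `gPLink` and a SYSVOL `GPT.INI` to flag an AD/SYSVOL version mismatch and changes in where a GPO is linked; the domain, GUIDs, sample values and helper names are constructed assumptions.

```python
import configparser
import re

# A gPLink value is a run of [LDAP://cn={GUID},cn=policies,cn=system,DC=...;<options>]
GPLINK_RE = re.compile(r"\[LDAP://cn=(\{[0-9a-f-]{36}\}),[^;\]]*;(\d+)\]", re.IGNORECASE)

def parse_gplink(value):
    """Map GPO GUID -> link options (bit 0x1 = link disabled, bit 0x2 = enforced)."""
    return {guid.upper(): int(opts) for guid, opts in GPLINK_RE.findall(value or "")}

def split_version(number):
    """AD versionNumber and GPT.INI Version: high 16 bits user, low 16 bits computer."""
    return {"user": number >> 16, "computer": number & 0xFFFF}

def sysvol_version(gpt_ini_text):
    """Read Version from the [General] section of a GPO's GPT.INI."""
    ini = configparser.ConfigParser()
    ini.read_string(gpt_ini_text)
    return int(ini["General"]["Version"])

def version_mismatch(ad_version, gpt_ini_text):
    """Return None when the AD and SYSVOL halves agree, else both decoded versions."""
    ad, fs = split_version(ad_version), split_version(sysvol_version(gpt_ini_text))
    return None if ad == fs else {"ad": ad, "sysvol": fs}

def link_changes(before, after):
    """Diff two snapshots of {container DN: gPLink value} into (DN, GUID, change)."""
    changes = []
    for dn in sorted(set(before) | set(after)):
        old, new = parse_gplink(before.get(dn)), parse_gplink(after.get(dn))
        for guid in sorted(set(old) | set(new)):
            if guid not in new:
                changes.append((dn, guid, "unlinked"))
            elif guid not in old:
                changes.append((dn, guid, "linked"))
            elif old[guid] != new[guid]:
                changes.append((dn, guid, f"options {old[guid]} -> {new[guid]}"))
    return changes

# Constructed sample data (hypothetical domain and GUIDs, not from a real forest).
DOMAIN = "DC=example,DC=test"
GUID_A = "{11111111-2222-3333-4444-555555555555}"
GUID_B = "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"

def link(guid, opts):
    return f"[LDAP://cn={guid},cn=policies,cn=system,{DOMAIN};{opts}]"

BEFORE = {f"OU=Servers,{DOMAIN}": link(GUID_A, 0) + link(GUID_B, 0)}
AFTER = {f"OU=Servers,{DOMAIN}": link(GUID_A, 2), f"OU=Workstations,{DOMAIN}": link(GUID_B, 0)}
GPT_INI = "[General]\nVersion=131077\n"  # user 2, computer 5
```

On the sample data, `link_changes(BEFORE, AFTER)` reports one link switched to enforced, one GPO unlinked from the Servers OU, and a new link on the Workstations OU, while `version_mismatch(131078, GPT_INI)` shows the AD half one computer-side edit ahead of SYSVOL.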

So, you’re an administrator and you want to see who is making changes to your GPOs, and what those changes are. To do that, you need technology that sees into both AD and the filesystem. And if you want to prevent administrators from making changes to your GPOs, you need to secure Active Directory and the SYSVOL folder, and lock it down so that even your domain admins can’t make changes unless they’re approved. That’s some tricky business.

Thankfully, STEALTHbits has the technology you need. Change detection, before-and-after values for changes, and precise lockdown rules that affect both AD and the filesystem – all in StealthINTERCEPT. We give you visibility into where GPOs are applied, what settings are being changed (including the old and new value of all changes), and who is making the changes. And we can proactively prevent unwanted change before it occurs with our Lockdown technology, giving you complete control of your GPOs wherever and however they are applied in your environment.
