Understand Active Directory Group Policy security settings

Advanced
Administrator
Windows Server

Learn what each Group Policy security policy does, where it solves a real-world problem, and how to configure, audit, and manage security settings at scale in Active Directory environments.

Learning objectives

By the end of this module, you're able to:

  • Describe how Group Policy security settings are structured, processed, and targeted, and select the right tool to author and test them.
  • Configure Account Policies (password, lockout, and Kerberos) and explain the domain-scope rule and fine-grained password policies.
  • Assign user rights and configure security options to enforce least privilege and harden authentication.
  • Configure auditing, secure group membership, services, registry, file system, and event logs.
  • Deploy network and application security policies, and manage security settings at scale with the Windows Server 2025 OSConfig baseline.

Prerequisites

  • Experience administering Windows Server and Active Directory Domain Services (AD DS).
  • Working knowledge of Group Policy Objects (GPOs): links, scope, inheritance, and processing order.
  • Familiarity with Windows security principals, security identifiers (SIDs), access tokens, and NTFS and registry ACLs.
  • Basic understanding of Kerberos and NTLM authentication.
  • Access to a Windows Server 2025 AD DS environment with the Group Policy Management Console (GPMC) and Windows PowerShell for the procedures.