I’ve been meddling with some GPO issues and then came across these 2 commands. These commands has been the with Windows 2000 and 2003. So what bring my attention to these commands is how can you use them to comply with Security auditing. More information about how to use this commands can be found over here.
Well first we’ll take an example about an Enterprise company. Most of the time AD admin will get a mail or a request from HR or from a relevant department requesting to create a new user account. Once you get that request you’ll create those user accounts and by default they will be going to the Users section in ADUC. Due to your busy schedule you’ll forget to transfer the relevant user account to the correct OU. Event though this will be a matter of few hours or few days delay moving the account to relevant OU in computer security wise big risk!
One way I can think of eliminating or minimizing is whenever you create new user account or new computer added to the domain they will be moved to a different OU which have unique GPO’s assign to them. So in that particular GPO you can edit the security setting which will comply with the company IT security policy and give minimal user rights until user account moved to correct OU 🙂
In a nutshell this will be seen as a simple thing but overall compared to IT security a big step. So go ahead roll your sleeves and give it a try in your company network and be safe!