We have been finishing up on the creation and setup of departmental shared drives and their automated mappings with GPOs.
Default GPOs have been refined to further reduce unnecessary accesses from basic users. Our GPOs are becoming more focused and less broad – each newer GPO has a specific set of accesses it will configure. We’ve begun to drill down and create new GPOs for individual access configurations, such as GPOs which enable limited control panel, full control panel, or activate local-disk access.
As we create OUs and GPO configurations, we have been testing the affected users and computers to ensure the changes were successful. We’ve been testing to see if there are any ways to circumvent the current policy restrictions and closing any loopholes in the system.
Outline of overall AD layout