This project has moved and is read-only. For the latest updates, please go here.

Previous Group Policy Management Setup Folder Permissions Next

Group Policy Object Introduction

Group Policy Objects (GPOs) are the standard method for enforcing security within Windows. The use of GPOs is expected by Auditors and Windows Administrators.

FineBuild is designed to work with or without the use of GPOs. The SQL Server services should be protected by configuring Windows security. Depending on site standards, this may be done either by manually applying the required security or by the use of Group Policy Objects (GPOs). DBAs and other people managing a SQL Server instance should seek to exploit GPO for security wherever practical.

This section includes specifications that allow the required GPOs to be created, and the FineBuild scripts apply the permissions specified for the GPOs regardless of if GPOs are used. However, the use of GPOs is recommended as this complies with Windows best practice and is far easier to enforce and audit.

A GPO can be created and deployed before SQL Server is installed. This document is designed so that the GPO specifications can be easily extracted and copied into a Work Request to ask your Support Centre to create the GPOs.
  • Copy the details from the pages listed in Group Policy Management into a new Word document.
  • Remove instructions intended for DBA staff.
  • Where required, change the variable information to that required for the install being performed.
Insert the completed Word document into the Work Request. The document can also be used as part of the server Handover documentation. Work Requests should be raised according to site standards. An example e-mail to raise the Work Request for GPO creation is given is shown below:
GPOWorkRequest.png
Copyright FineBuild Team © 2014 - 2016. License and Acknowledgements
Previous Group Policy Management Top Setup Folder Permissions Next

Last edited Oct 29, 2016 at 11:26 AM by EdVassie, version 3