Group Policy is an important component of secure Windows environments. Windows Group Policy helps centralize settings that ensure conformance with your security policy. Once you take the time to develop a comprehensive Group Policy, use it to both apply settings and ensure settings are correct. Here are a few guidelines that should result in an effective Group Policy:

• Define organizational units (OUs) that reflect your organization’s functional structure.

• Create OU GPOs for controls required in your security policy.

• Use meaningful names for GPOs to make maintenance and administration easier.

• Deploy GPOs in a test environment before deploying to your live environment.

• Use security filtering and Windows Management Instrumentation (WMI) filters to restrict settings when necessary.

• Back up your GPOs regularly.

• Do not modify the default policies—instead, create new GPOs.

• Use the Group Policy Settings Reference spreadsheets for more information on available GPO settings. You can find these spreadsheets by visiting the website href="http://www.microsoft.com/downloads, and searching for Group Policy Settings Reference. Microsoft provides several versions to cover different Windows releases.

• Acquire the Windows Server Security Compliance Management resource from Microsoft to help design, deploy, and monitor your server baselines.

• Acquire the Windows 10 Security Compliance Management resource from Microsoft to help design, deploy, and monitor your workstation baselines.

• Use the Local Policy Tool (LPT) to automatically deploy recommendations from the Security Compliance Management toolkits.