Posts

Showing posts from April, 2018

Learning from the field - Understanding and Auditing Active Directory Group Policy - Part 1/2

The background of this post: When auditing against standards such as SSAE 16 (it has become SSAE 18 now, but the core testing principles remain the same) or ISAE 3402, or when supporting a financial statutory audit from the information security perspective to verify information systems, user access management and its related configurations are among the critical areas to look at. For a similar audit, I was given the task of auditing Active Directory Group Settings as part of my work. Being a newbie back then (btw this is a very late post), I had to refer to various articles and sources and correlate them to understand how it works so that I could proceed with the audit. Though the entire post and the process have been tested and shown on Windows Server 2008 R2, this should apply well to newer versions of Active Directory, where only the path for accessing the relevant features might differ. Note: The objective of this artic