If you are a game theory enthusiast, you are probably familiar with the 'Salami slicing tactic'. For the uninitiated, Salami slicing is a strategy where the opponent makes small but consistent moves while making sure they stay well below the threshold that could get them noticed. Over a period, these moves add up to cause substantial damage without the other side noticing anything until it is too late.
What does this have to do with you or your organization now? Insider threats. They use similar strategies to siphon off sensitive information or abuse their excess privileges. A simple yet effective counter measure is to ensure all employees have only the least privileges and access permissions needed to perform their works. An effective way to employ this in Active Directory management is to filter GPO scope to allow granular control over user accounts and specific OUs.
GPO scope
The scope of a GPO can be defined by linking it to a site or a domain or an OU. By default, a GPO will be applied throughout the linked object unless it is narrowed down. One of the common ways to narrow down GPO scope is using filters like Security or WMI filtering.
Steps to configure GPO filters in ADManager Plus
Logon to ADManager Plus.
Navigate to Management tab > GPO Management > Manage GPOs.
Select the domain to which the GPO belongs.
From the list of GPOs in the selected domain, click on the Linked Objects button, next to the GPO to be modified.
Navigate to the Scope tab and click on Advanced Settings located at the bottom of the linked objects table.
In the Security Filtering section, add or remove the objects (users, groups or computers) to which the GPO is to be applied.
In the WMI Filtering section, you can choose the desired WMI filter from the drop down menu.
Click Update to save the changes.
Tune in next week for another quick tip for better identity and access management!
Cheers,
Team ADManager Plus.