SOX and GPO settings on Domain Controls 1383

  • Hello all,
    I am currently looking at my GPO settings on my Windows 200/2003 Domain Controller and am seeing that many of the policies I have setup on the GPO are directly tied into SOX, such as password policies and authentication.
    Has anyone ever included the GPO settings as part of their SOX testing? What needs to be tested to ensure that I am meeting the SOX requirements? Besides password policies are there other policies in a GPO that are related to SOX controls that need to be tested?

  • Hello WindowsSox, hope you are still checking out this forum.
    Besides password policies, there are some other useful things to consider in an Active Directory enviroment. Here a few of them:

    • If some of your FS applications are windows-based, or use MS SQL Databases, FS data repository and interfases, should have a strongher security policy than the other servers on the domain.
    • Rights Policies, Complete Audit Trails, Local and Remote logon restrictions, restricted and reduce administrive accounts, avoiding areas with Administrative rights on these servers like Help Desk (common mistake), rights over sensitive data folders, etc.
    • If your FS applications use SSO login, your Domain policies should force an automatic lockdown after a short inactive period and password requirement to unlock workstations.
      The idea is to use GPO policies to separate FS sensitive servers from others, from the security settings point of view, so the costs of SOx over IT is reduced.-

  • I agree with Juezox’s good point that GPO options can help considerably in rolling out a standard security template throughout the organization that can help fortify security for workstations and servers 🙂
    Please add www to links below
    General Search - A number of good links for GPO based security settings recommended GPO settings
    Managing Windows XP Service Pack 2 Features Using Group Policy

Log in to reply