Derek Melber is coming out with a new book, the Group Policy Resource Kit, so we thought it might be a nice idea to interview Derek and learn more about his interests, his take on security and Group Policy, and his new book.
- Hi Derek, tell us a little about yourself. When did you get into the computer industry? Is computer security your main area of interest? What sparked your intense interest in Group Policy?
DLM: I got into the computer industry when I was in college, working in the Unix/NT computer lab. I was working on my PhD in structural engineering, where we did a lot of finite element analysis.
Computers are my main area of interest... for work. I will admit that speaking and training are in my blood and I enjoy both very much. I guess it is why I started my own company, www.braincore.net, which gives me the flexibility to do what I want. However, when I get out of work, I try not to think about them or work on them. I enjoy sports and the outdoors too much.
I have been working with "policies" for a long time. I was the "go to guy" back when I worked with Windows NT, as a trainer and consultant, so when Group Policy came out, it just made sense to keep that going. Group Policy makes sense to me and I see it very clearly in my mind, which helps teach and implement.
- Tell us about the Group Policy Resource Kit. Who proposed this title? Did you get to work with the Microsoft Product Group when putting this book together? Does the book include any tools that you can use to extend the utility of Group Policy? Can a beginner read the book and understand how Group Policy works and deploy an effective Group Policy plan?
DLM: I have wanted to do this title for a long time. Back when I started on the Group Policy Guide (by MSPress), I wanted that title to be this title. However, it did not work out that way. So, when I got a chance to update the book, I came up with the new title instead.
I did work with the product group, very closely. I know the product group very well, as I used to work with most of them at my last job. They are all an amazing group of people and their help and contributions were invaluable.
The book has a CD that is full of tools. The tools are not only from Microsoft, but third-party vendors. The goal, for me, of the book was to create a one-stop-shop for everything Group Policy. I did not want to just talk about Microsoft tools and solutions, as there are some amazing tools that help troubleshoot, extend, and manage Group Policy.
The book is designed for all levels. The early chapters are dedicated to the beginner, but I encourage all levels to read all chapters. The book is laid out in a similar way to how I teach, so I fill in gaps of knowledge along the way for a guru. The first chapters are "foundational concepts", which are essential for understanding the more complex topics and chapters. Thus, anyone that wants or needs to know Group Policy can pick it up and read it.
- Do you have a handful of your favorite Group Policy tips and tricks? Anything in your Group Policy bag of tricks that a MS security admin can put to use immediately to improve network security?
DLM: I can't say I have tips or tricks, but I certainly have my favorite settings that I focus on. The settings that control anonymous connections, LanManager authentication, service account passwords, group membership, and many more are the ones that I find fit for all companies and have the most "WOW" power.
For security, the latest and greatest Group Policy settings are perfect! Microsoft purchased a company that had a few security related settings for Group Policy, which make Windows XP SP2, Windows Server 2003 SP1, Windows Vista, and Windows Server 2008 much more secure. These settings allow an administrator the centralized control over the Administrator account password on every single computer on the network (running these OSs listed, of course.) The new "Group" policy gives granular control over local group members... which is much better than the legacy Restricted Groups option. There are also settings for service account passwords, files, folders, Registry settings, User rights, password policies, and about 100 other security settings that must be evaluated. Oh, can't forget the Internet Explorer security settings, which give control of IE and the Web back to the admins, not the users or hackers.
Thomas W Shinder, M.D.
MVP - Microsoft Firewalls (ISA)