RE: [NTSysADM] Change control....GPO

[Ziots, Edward]

+2, Defintely agree that GPO change, or modification which will impact the 
workstation environment, should go to change management.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org<mailto:ezi...@lifespan.org>
Work:401-255-2497


This electronic message and any attachments may be privileged and confidential 
and protected from disclosure. If you are reading this message, but are not the 
intended recipient, nor an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that you are 
strictly prohibited from copying, printing, forwarding or otherwise 
disseminating this communication. If you have received this communication in 
error, please immediately notify the sender by replying to the message. Then, 
delete the message from your computer. Thank you.
[Description: Description: Lifespan]


From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Brian Desmond
Sent: Saturday, September 21, 2013 2:44 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Change control....GPO

+1. I've seen this pivot in highly regulated environments where the GPO affects 
a controlled asset/system then it's much more rigid.


Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c - 312.731.3132

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of William Robbins
Sent: Friday, September 20, 2013 10:08 PM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Change control....GPO

Most of the environments I've worked in treat GPO's depending on level of 
impact.  Domain-wide, go to Change Control processes.  OU level required 
manager for that OU's sign off.  GPO's making maintenance changes with low risk 
are treated the same as user account creation.  HD Ticket or similar to track 
request and work.


 - WJR

On Fri, Sep 20, 2013 at 9:55 PM, David Lum 
<david....@nwea.org<mailto:david....@nwea.org>> wrote:
For you guys with a pretty well defined change control process - are 
incremental GPO changes (in this case we have a GPO that controls IE's trusted 
sites, I want to add enable auto logon with current credentials for sites in 
trusted sites) reviewed by people before the change? I'm thinking in larger 
environments it might be submitted by one person, reviewed and approved by 
another but not necessarily held until a formal change request meeting is 
convened?

Normally I'd just whip this change out, but I need to think about the 
accountability process in general.
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229<tel:503.548.5229>

<<inline: image001.jpg>>