Security Basics mailing list archives

FW: Mass Distribution of Security Policies


From: "Ramirez, Steven" <Steven.Ramirez () loukymetro org>
Date: Wed, 11 May 2005 16:05:05 -0400

I am currently looking at a way to mass distribute new security policies to
the entire workforce. Bear in mind this is a government entity with multiple
Depts. In the past this had been done by visiting each Dept and
distributing manually or upon new user orientation. It was not efficient or
accurate.

Our environment consists of this:
AD 2003
SMS 2003
Exchange 2003
W2K Desktops
Approx 4500 users/100 locations/1 Metropolitan Area

This is what I was thinking:

Initial mass deployment to all users logging in to the network must be
directed to the new policies and forced to ACCEPT or DECLINE. Prior to
clicking ACCEPT or DECLINE I would want the user to have to enter their name
and last 4 of SSN. 
* By clicking ACCEPT it would be logged to a database where it could
  always be known when they accepted. The last 4 would be a means for our Help
  Desk to verify the individual if they ever called requesting a password
  reset (Optional, but would really help).
* By clicking DECLINE, their account would be unable to access
  network resources or shut the machine down. Basically forcing them to click
  ACCEPT.
* After initial deployment I would like this to occur in a frequency
  set forth by the automated password reset of 90 days. This way any revisions
  to the policies would be shown and also remind them of the policy.

Some initial discussion here has been (without being too specific):
* Tie into the login script
* Make use of GPOs
* Make use of MS Sharepoint
* 3rd party solutions (Adobe, Digital Signatures, etc.)

The policies will always be available via our Intranet. This distribution
will also coincide with a mass Security Awareness Training. We just felt
that forcing the policies at login will be the best and possibly only way to
really have "everyone" who uses our network view them.


What I ask of the people on this list:
* How do you handle Security Policy Distribution? Frequency? Sign-off?
Tracking?
* Does anyone implement something like above?
* Any suggestion of 3rd Party vendors?

Any/all ideas are welcome.

Steve

