AD Tripwires - Configuring Domain Policy

Download Domain Policy Template Package

  1. During the AD Tripwires setup in the Horizon3 portal, you will be provided a domain policy package.
  2. Locate the Download & Configure Domain Policy card

    Download & Configure Domain Policy

  3. Click the Download button to obtain the domain policy template ZIP file

  4. Save the ZIP file to a location accessible from your domain controller or management workstation

Prerequisites

Before proceeding with domain policy configuration, ensure you have:

  1. Domain policy template ZIP file (downloaded from the Horizon3 portal)
  2. Domain Admin privileges on the target Active Directory domain
  3. Windows Server or workstation with Group Policy Management Console (GPMC) installed
  4. Access to a domain controller or management workstation joined to the target domain

Extract Domain Policy Template

  1. Navigate to the location where you downloaded the domain policy template ZIP file
  2. Right-click on the ZIP file and select Extract All
  3. Choose a temporary directory for extraction (e.g., C:\Temp\H3_Policy_Template)
  4. Click Extract to extract the domain policy template files
  5. Verify that the extracted folder contains the necessary Group Policy backup files including:
    • gpreport.xml
    • manifest.xml
    • Backup.xml
    • Additional policy configuration files

Create New Group Policy Object

  1. Open Group Policy Management Console by pressing Win+R, typing gpmc.msc, and pressing Enter
  2. In the left pane, expand your target domain
  3. Right-click on Group Policy Objects and select New from the context menu

    GPMC GPO Context Menu New

  4. In the New GPO dialog, enter a meaningful name for the policy (e.g., "H3 IoA Policy")

    GPMC New Policy Dialog

  5. Click OK to create the new Group Policy Object

GPO Status

The newly created GPO is not yet linked to any organizational unit, so it will not affect any computers in your domain until you complete the linking process.

Import Domain Policy Settings

  1. In the Group Policy Management Console, locate the newly created GPO under Group Policy Objects
  2. Right-click on the GPO and select Import Settings from the context menu

    GPMC Policy Context Menu Import

  3. The Import Settings Wizard will open. Click Next to begin the import process

    GPMC Import Wizard 1

  4. On the Backup Location screen, click Browse to select the folder containing the extracted domain policy template

    GPMC Import Wizard 2

  5. Navigate to and select the folder where you extracted the domain policy template files

    GPMC Import Wizard 3

  6. Select the appropriate GPO backup from the list and click Next

    GPMC Import Wizard 4

    Troubleshooting Import

    If you don't see any GPO backups listed, verify that you selected the correct folder containing the manifest files (gpreport.xml, manifest.xml, etc.).

  7. Review the source GPO information and click Next to continue

    GPMC Import Wizard 5

  8. Choose how to handle security principals and click Next

    GPMC Import Wizard 6

  9. Review the import summary and click Next to proceed with the import

    GPMC Import Wizard 7

  10. Wait for the import process to complete, then click Finish

    GPMC Import Wizard 8

Review Imported Policy Settings

  1. In the Group Policy Management Console, right-click on the imported GPO and select Edit

    GPMC GPO Context Menu Edit

  2. The Group Policy Management Editor will open. Navigate to Computer Configuration > Preferences > Control Panel Settings > Scheduled Tasks

    GPMC GPO Edit Sidebar Scheduled Tasks

  3. Verify that the imported policy contains the IoA Collector scheduled task configuration

  4. Review the task settings to ensure they match your environment requirements
  5. Close the Group Policy Management Editor when review is complete

Link Group Policy Object

  1. In the Group Policy Management Console, navigate to the Domain Controllers organizational unit (or the appropriate OU where you want to apply the policy)
  2. Right-click on the Domain Controllers OU and select Link an Existing GPO

    GPMC DC OU Context Menu Link

  3. In the Select GPO dialog, choose the H3 IoA Policy that you created and imported

    GPMC Link Dialog Select GPO

  4. Click OK to link the policy to the organizational unit

  5. Verify that the policy appears in the Linked Group Policy Objects list for the OU

    GPMC DC OU Linked Policy List
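
The create, import, review and link steps above can also be scripted with the GroupPolicy PowerShell module. The following is an added example, not code from Horizon3 or from the policy package: it lists what each scheduled task in the extracted backup runs, and under which account, before anything is imported or linked to domain controllers. The extraction path and GPO name are the examples used on this page, and the location of the scheduled task preference file assumes the standard GPMC backup layout.

```powershell
#Requires -Modules GroupPolicy, ActiveDirectory
# Added example, not Horizon3 code. Path and GPO name are the examples used on this page.
$BackupRoot = 'C:\Temp\H3_Policy_Template'
$GpoName    = 'H3 IoA Policy'

# A GPMC backup is a {GUID}-named folder holding Backup.xml; the folder name is the backup ID.
$backup = @(Get-ChildItem -Path $BackupRoot -Directory -Recurse | Where-Object {
    $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' -and (Test-Path (Join-Path $_.FullName 'Backup.xml'))
})
if ($backup.Count -ne 1) { throw "Expected one GPO backup under $BackupRoot, found $($backup.Count)." }
$backup = $backup[0]

# Review before import: list what each scheduled task in the package runs, and as whom.
# Assumption: standard GPMC backup layout for Group Policy Preferences scheduled tasks.
$prefFile = Join-Path $backup.FullName 'DomainSysvol\GPO\Machine\Preferences\ScheduledTasks\ScheduledTasks.xml'
if (-not (Test-Path $prefFile)) { throw "No scheduled task preference file at $prefFile" }
[xml]$doc = Get-Content -Path $prefFile -Raw
foreach ($p in $doc.SelectNodes("//*[local-name()='Properties']")) {
    [pscustomobject]@{
        Task      = $p.GetAttribute('name')
        RunAs     = $p.GetAttribute('runAs')
        Command   = ($p.SelectNodes(".//*[local-name()='Command']")   | ForEach-Object { $_.InnerText }) -join '; '
        Arguments = ($p.SelectNodes(".//*[local-name()='Arguments']") | ForEach-Object { $_.InnerText }) -join '; '
    } | Format-List
}
if ((Read-Host "Import into '$GpoName' and link to the Domain Controllers OU? (y/n)") -ne 'y') { return }

# Create and import. No -MigrationTable is passed, so security principals are copied as stored in the backup.
New-GPO -Name $GpoName | Out-Null
Import-GPO -BackupId $backup.Name -Path $backup.Parent.FullName -TargetName $GpoName | Out-Null

# Link to the Domain Controllers OU and confirm the link is listed and enabled.
$dcOu = (Get-ADDomain).DomainControllersContainer
New-GPLink -Name $GpoName -Target $dcOu -LinkEnabled Yes | Out-Null
(Get-GPInheritance -Target $dcOu).GpoLinks |
    Where-Object DisplayName -eq $GpoName |
    Select-Object DisplayName, Enabled, Order
```

Run it from an elevated session with Domain Admin privileges; `New-GPO` fails if a GPO with that name already exists, which prevents overwriting an earlier import by accident.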

Apply Group Policy and Verify

  1. Wait for group policy replication to all domain controllers

    Typical Replication Timeframes

    Small domains (1-10 DCs): 15 minutes to 1 hour

    Medium enterprises (10-50 DCs): 1-4 hours

    Large enterprises (50+ DCs): 2-8 hours

    Very large/global enterprises: 8-24 hours

    You can also run gpupdate /force on individual domain controllers to force an immediate Group Policy refresh.

  2. Verify scheduled task deployment on domain controllers:

  3. Open Windows Task Scheduler by pressing Win+R, typing taskschd.msc, and pressing Enter
  4. Navigate to Task Scheduler Library in the left pane
  5. Verify that the IoA Collector task appears in the task list

    Task Scheduler Active Tasks
    
  6. Right-click on the IoA Collector task and select Properties to review the task configuration

    Task Scheduler Task General Properties
    
  7. Monitor task execution to ensure the scheduled task runs successfully according to its configured schedule
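
In a domain with many domain controllers, the Task Scheduler check above can be run against every DC at once. The following is an added example, not code from Horizon3: it reports, per domain controller, whether the task exists, its state, and its last run result. The task name `IoA Collector` is taken from this page and should be confirmed against the imported GPO; the script assumes WinRM/CIM access to each domain controller.

```powershell
#Requires -Modules ActiveDirectory, ScheduledTasks
# Added example, not Horizon3 code. 'IoA Collector' is the task name as written on this page;
# confirm the exact name in the imported GPO. Assumes WinRM/CIM access to each domain controller.
$TaskName = 'IoA Collector'

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $row = [ordered]@{ DC = $dc.HostName; Present = $false; State = $null
                       LastRun = $null; LastResult = $null; Note = $null }
    $cim = $null
    try {
        $cim  = New-CimSession -ComputerName $dc.HostName -ErrorAction Stop
        $task = Get-ScheduledTask -CimSession $cim -TaskName $TaskName -ErrorAction Stop |
                    Select-Object -First 1
        $info = Get-ScheduledTaskInfo -CimSession $cim -TaskName $task.TaskName -TaskPath $task.TaskPath
        $row.Present    = $true
        $row.State      = $task.State
        $row.LastRun    = $info.LastRunTime
        $row.LastResult = '0x{0:X}' -f $info.LastTaskResult
        # 0x0 = last run succeeded; 0x41303 = task has not run yet.
        if ($info.LastTaskResult -notin 0, 0x41303) { $row.Note = 'Last run did not succeed' }
    } catch {
        # Covers both "task not found" and "DC unreachable"; the message says which.
        $row.Note = $_.Exception.Message
    } finally {
        if ($cim) { Remove-CimSession $cim }
    }
    [pscustomobject]$row
}

$report | Sort-Object Present, DC | Format-Table -AutoSize -Wrap
# Domain controllers that still need attention (policy not applied yet, or the task is failing).
$report | Where-Object { -not $_.Present -or $_.Note } | Select-Object DC, Note
```

A domain controller listed with `Present = False` shortly after linking usually has not refreshed Group Policy yet; re-run the check after the replication window or after `gpupdate /force` on that DC.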

Next Steps

Once the domain policy has been successfully configured and applied:

  1. Provision AD accounts and event logging using the provisioning process (see Getting Started guide)
  2. Verify AD Agent installation and connectivity
  3. Test tripwire functionality by performing controlled activities that should trigger alerts

For troubleshooting any issues during setup or operation, see the Troubleshooting guide.

Important

The domain policy configuration is just one component of the AD Tripwires setup. You must also complete the AD account provisioning and agent installation steps for full functionality.