implementing-anti-ransomware-group-policy

Installation
SKILL.md

Implementing Anti-Ransomware Group Policy

When to Use

  • Hardening a Windows Active Directory environment against ransomware execution and propagation
  • Implementing defense-in-depth by blocking ransomware execution paths via Group Policy
  • Configuring AppLocker or WDAC rules to prevent unauthorized executables from running in user-writable directories
  • Enabling Controlled Folder Access to protect critical directories from unauthorized file modifications
  • Restricting lateral movement vectors (RDP, SMB, WMI) that ransomware uses to spread across the domain

Do not use as a standalone ransomware defense. GPO settings complement but do not replace endpoint detection, backups, network segmentation, and user awareness training.

Prerequisites

Installs
25
GitHub Stars
24.2K
First Seen
Apr 20, 2026
implementing-anti-ransomware-group-policy — mukul975/anthropic-cybersecurity-skills