Implementing Anti-Ransomware Group Policy
When to Use
- Hardening a Windows Active Directory environment against ransomware execution and propagation
- Implementing defense-in-depth by blocking ransomware execution paths via Group Policy
- Configuring AppLocker or WDAC rules to prevent unauthorized executables from running in user-writable directories
- Enabling Controlled Folder Access to protect critical directories from unauthorized file modifications
- Restricting lateral movement vectors (RDP, SMB, WMI) that ransomware uses to spread across the domain
Do not use as a standalone ransomware defense. GPO settings complement but do not replace endpoint detection, backups, network segmentation, and user awareness training.