diff --git a/3 DC/GPOs/(3) Mapping Drives Using GPO's S.O.P..pdf b/3 DC/GPOs/(3) Mapping Drives Using GPO's S.O.P..pdf new file mode 100644 index 0000000..e844c95 Binary files /dev/null and b/3 DC/GPOs/(3) Mapping Drives Using GPO's S.O.P..pdf differ diff --git a/3 DC/GPOs/3) increase_log_size.md b/3 DC/GPOs/3) increase_log_size.md new file mode 100644 index 0000000..7fd35a5 --- /dev/null +++ b/3 DC/GPOs/3) increase_log_size.md @@ -0,0 +1,10 @@ +# Powershell +``` +Limit-Eventlog -logname security -maximumsize 200MB -overflowaction overwriteolder +``` + +# GPO to increase log size + +Computer Configuration > policies > administrative templates > windows components > event log service + + enable "Specify the maximum log file size (KB)" to 200000 = 200MB \ No newline at end of file diff --git a/3 DC/GPOs/4) DCO_GPO_INTERNAL.md b/3 DC/GPOs/4) DCO_GPO_INTERNAL.md new file mode 100644 index 0000000..6345dc8 --- /dev/null +++ b/3 DC/GPOs/4) DCO_GPO_INTERNAL.md 
@@ -0,0 +1,23 @@ +## Tools + +[DFIR Tools](https://ericzimmerman.github.io/#!index.md) +[Flare](https://github.com/HASecuritySolutions/flare) +[Ghidra](https://github.com/NationalSecurityAgency/ghidra) +[Greenborne](https://github.com/greenbone/openvas-scanner) +[Kali ISO](https://cdimage.kali.org/kali-2024.2/kali-linux-2024.2-installer-amd64.iso) +[memdump](https://www.softpedia.com/get/System/System-Miscellaneous/MemDump.shtml) +[memprocfs](https://github.com/ufrisk/MemProcFS) +[Network Miner](https://www.netresec.com/?page=NetworkMiner) +[Persistent Sniper](https://github.com/last-byte/PersistenceSniper) +[reg shot](https://sourceforge.net/projects/regshot/) +[Rita](https://github.com/activecm/rita) +[Snort](https://www.snort.org/) +[sysinternals](https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite) +[volatility](https://github.com/volatilityfoundation/volatility3) +[wireshark](https://www.wireshark.org/download.html) + +## OVAs + +[Remnux](https://docs.remnux.org/install-distro/get-virtual-appliance) +[Sift](https://www.sans.org/tools/sift-workstation/) +[Kali](https://www.kali.org/get-kali/#kali-installer-images) \ No newline at end of file diff --git a/3 DC/GPOs/Remote_Cred_Guard.md b/3 DC/GPOs/Remote_Cred_Guard.md new file mode 100644 index 0000000..508bf12 --- /dev/null +++ b/3 DC/GPOs/Remote_Cred_Guard.md @@ -0,0 +1,14 @@ +# Remote Credential Guard + +Remote Credential Guard helps protecting credentials over a Remote Desktop (RDP) connection by redirecting Kerberos requests back to the device that's requesting the connection. + +## GPO [^1] + +|Group policy path|Group policy setting|Value| +|---|---|---| +|Computer Configuration\Administrative Templates\System\Credentials Delegation|Remote host allows delegation of nonexportable credentials|Enabled| + + + +#### Resources +[^1]: [Remote Credential Guard](https://learn.microsoft.com/en-us/windows/security/identity-protection/remote-credential-guard?tabs=gpo) \ No newline at end of file
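Review bot: The SOP for mapping drives via GPO is committed only as a binary PDF ("3 DC/GPOs/(3) Mapping Drives Using GPO's S.O.P..pdf"), so later edits cannot be diffed or reviewed the way the neighbouring Markdown files can; consider adding a Markdown version of the procedure (GPO path, setting, value) alongside it, in the same table style used in Remote_Cred_Guard.md, and note the double period in the filename ("S.O.P..pdf").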
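Review bot: In "3 DC/GPOs/3) increase_log_size.md" the two halves of the hunk do not set the same size, and the GPO path is incomplete. `Limit-Eventlog -logname security -maximumsize 200MB` uses PowerShell's `200MB` literal, which is 204800 KB, while the GPO value given is `200000` KB (about 195 MB); pick one figure, e.g. `204800` in the GPO, so the PowerShell and GPO routes produce identical logs. The GPO path stops at `... > windows components > event log service`, but "Specify the maximum log file size (KB)" is a per-log setting under the `Security` subfolder of that node, so the line should read `... > event log service > security`. The PowerShell line also sets `-overflowaction overwriteolder`, which has no counterpart in the GPO section; if retention behaviour matters for the SOP, add the corresponding "Control Event Log behavior when the log file reaches its maximum size" setting or drop the switch. Two smaller points: `Limit-EventLog` exists only in Windows PowerShell 5.1 (the EventLog cmdlets are not in PowerShell 7), which is worth a one-line note, and the code fence should be tagged ```` ```powershell ```` to match the "# Powershell" heading.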
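Review bot: "3 DC/GPOs/4) DCO_GPO_INTERNAL.md" is placed under GPOs and named as a GPO document, but it contains no Group Policy content at all, only a tool and OVA link list; either rename it (e.g. a tools.md at the repository level) or move it out of the GPOs folder so the numbered SOP sequence stays coherent. Within the list: "Greenborne" should be "Greenbone" and "Persistent Sniper" should be "PersistenceSniper" to match the linked projects; the Kali ISO link is pinned to `kali-2024.2` and will go stale, whereas the `[Kali](https://www.kali.org/get-kali/#kali-installer-images)` entry under OVAs already points at the canonical download page, so the pinned ISO line is redundant; and `memdump` points at a third-party download mirror (softpedia) rather than an upstream source, so add a note to verify the hash or link the vendor page instead. Finally, consecutive `[name](url)` lines without a blank line or trailing two spaces render as one run-on paragraph in Markdown; format them as a `- ` bullet list.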
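Review bot: "3 DC/GPOs/Remote_Cred_Guard.md" documents only the server side of Remote Credential Guard; the single table row ("Remote host allows delegation of nonexportable credentials" = Enabled) makes a host willing to accept it but does nothing to make clients use it, so a connection from an unconfigured client still falls back to sending credentials to the host. Add a second row for the client-side policy, `Computer Configuration\Administrative Templates\System\Credentials Delegation` > "Restrict delegation of credentials to remote servers" set to "Require Remote Credential Guard" (or document the `mstsc.exe /remoteGuard` switch as the per-session alternative), and state that the feature requires Kerberos authentication to the host, since NTLM connections do not get this protection. Wording: "helps protecting credentials" should be "helps protect credentials". The run of blank lines before "#### Resources" can be collapsed to one, and a level-4 heading directly under a level-2 section skips a level; `### Resources` fits the file's structure.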