1 chapter overview configuring account policies configuring user rights configuring security options...

1

Chapter Overview

Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options

2

Security Settings in the Local Computer Policy Snap-In

When you install the Group Policy snap-in and point it at the local computer, it is called the Local Computer Policy snap-in.

Account Policies is one of the Security Settings in the Local Computer Policy snap-in.

User Rights Assignments and Security Options are both Local Policies and are part of the Security Settings in the Local Computer Policy snap-in.

3

Password Policy

Improves security on your computer Controls how passwords are created

and managed Specifies the length of time a password

can be used Specifies the minimum password length Maintains a history of the passwords

used

4

Password Policy Settings

5

Configuring Account Lockout Policy

6

Understanding User Rights

Can be assigned to groups or individual user accounts

Should be assigned only to groups Are cumulative

7

Assigning User Rights

8

Logon Rights

Access This Computer From The Network (or Deny)

Log On As A Batch Job (or Deny) Log On As A Service (or Deny) Log On Locally (or Deny) Allow Logon Through Terminal Services

(or Deny)

9

Renaming the Administrator Account

You cannot delete the Administrator account.

You should rename the built-in Administrator account.

To rename the built-in Administrator account1.Right-click Accounts: Rename The

Administrator Account.2.Click Properties.3. Type the new name, and then click OK.

10

Configuring Other Settings to Improve Logon Security Rename the built-in Guest account. Limit the number of times users can log

on to a Microsoft Windows domain using cached account information. Interactive Logon: Number Of Previous

Logons To Cache Prevent the storing of credentials

and .NET Passports. Network Access: Do Not Allow Storage Of

Credentials Or .NET Passports For Network Authentication

11

Shutting Down the Computer Without Logging On By default, Microsoft Windows XP Professional

does not require a user to be logged on to the computer to shut it down.

To force users to log on to the computer before they can shut it down 1. Right-click Shutdown: Allow System To Be Shut Down

Without Having To Log On.2. Click Properties. 3. Select Disable to force users to log on before they can

shut down the computer. To use this setting, the computer must be a

member of a domain or you must turn off the use of the Welcome screen.

12

Clearing the Virtual Memory Pagefile on Shutdown

By default, Windows XP Professional does not clear the virtual memory pagefile when the system is shut down.

The data in the pagefile might be accessible to users who are not authorized to view that information.

To have Windows XP Professional clear the pagefile on shutdown1. Right-click Shutdown: Clear Virtual Memory Pagefile.2. Click Properties.3. Select Enabled.

13

Disabling Ctrl+Alt+Delete Requirement for Logon

14

Preventing the Display of the Last User Name in Logon Screen

15

Using Internet Options

Allows you to Configure Microsoft Internet Explorer 6.0 Specify the first Web page you see when

you start Internet Explorer Delete temporary Internet files stored on

your computer Use Content Advisor to block objectionable

materials on your computer Set your security level

16

Configuring Internet Options

17

Using the Security Tab

18

Using the Privacy Tab

19

Using the Content Tab

20

Using the Connections Tab

21

Using the Programs Tab

22

Using the Advanced Tab

23

Chapter Summary

Local Computer Policy Security Settings Account Policies is one of the Local

Computer Policy Security Settings. User Rights Assignments and Security

Options are both Local Policies and are also part of the Local Computer Policy Security Settings.

24

Chapter Summary (Cont.) Password Policy controls passwords.

How often they must be changed How often they can be reused Their minimum length Their complexity Storing them in reverse encryption

Account Lockout Policy controls The lockout duration The number of invalid attempts before an account

is locked out The amount of time before the lockout counter is

reset

25

Chapter Summary (Cont.) User rights grant groups the privileges to

perform a specific task or control the way users can log on to a system.

Security options control How you enable, disable, or rename the

Administrator and Guest accounts How you manage interactive logon, network

clients, network access, and network security Internet Explorer security is configured in

Internet Options, which is accessed through Network And Internet Connections in Control Panel.