Post on 29-Jan-2016
transcript
1
Chapter Overview
Configuring Account Policies Configuring User Rights Configuring Security Options Configuring Internet Options
2
Security Settings in the Local Computer Policy Snap-In
When you install the Group Policy snap-in and point it at the local computer, it is called the Local Computer Policy snap-in.
Account Policies is one of the Security Settings in the Local Computer Policy snap-in.
User Rights Assignments and Security Options are both Local Policies and are part of the Security Settings in the Local Computer Policy snap-in.
3
Password Policy
Improves security on your computer Controls how passwords are created
and managed Specifies the length of time a password
can be used Specifies the minimum password length Maintains a history of the passwords
used
4
Password Policy Settings
5
Configuring Account Lockout Policy
6
Understanding User Rights
Can be assigned to groups or individual user accounts
Should be assigned only to groups Are cumulative
7
Assigning User Rights
8
Logon Rights
Access This Computer From The Network (or Deny)
Log On As A Batch Job (or Deny) Log On As A Service (or Deny) Log On Locally (or Deny) Allow Logon Through Terminal Services
(or Deny)
9
Renaming the Administrator Account
You cannot delete the Administrator account.
You should rename the built-in Administrator account.
To rename the built-in Administrator account1.Right-click Accounts: Rename The
Administrator Account.2.Click Properties.3. Type the new name, and then click OK.
10
Configuring Other Settings to Improve Logon Security Rename the built-in Guest account. Limit the number of times users can log
on to a Microsoft Windows domain using cached account information. Interactive Logon: Number Of Previous
Logons To Cache Prevent the storing of credentials
and .NET Passports. Network Access: Do Not Allow Storage Of
Credentials Or .NET Passports For Network Authentication
11
Shutting Down the Computer Without Logging On By default, Microsoft Windows XP Professional
does not require a user to be logged on to the computer to shut it down.
To force users to log on to the computer before they can shut it down 1. Right-click Shutdown: Allow System To Be Shut Down
Without Having To Log On.2. Click Properties. 3. Select Disable to force users to log on before they can
shut down the computer. To use this setting, the computer must be a
member of a domain or you must turn off the use of the Welcome screen.
12
Clearing the Virtual Memory Pagefile on Shutdown
By default, Windows XP Professional does not clear the virtual memory pagefile when the system is shut down.
The data in the pagefile might be accessible to users who are not authorized to view that information.
To have Windows XP Professional clear the pagefile on shutdown1. Right-click Shutdown: Clear Virtual Memory Pagefile.2. Click Properties.3. Select Enabled.
13
Disabling Ctrl+Alt+Delete Requirement for Logon
14
Preventing the Display of the Last User Name in Logon Screen
15
Using Internet Options
Allows you to Configure Microsoft Internet Explorer 6.0 Specify the first Web page you see when
you start Internet Explorer Delete temporary Internet files stored on
your computer Use Content Advisor to block objectionable
materials on your computer Set your security level
16
Configuring Internet Options
17
Using the Security Tab
18
Using the Privacy Tab
19
Using the Content Tab
20
Using the Connections Tab
21
Using the Programs Tab
22
Using the Advanced Tab
23
Chapter Summary
Local Computer Policy Security Settings Account Policies is one of the Local
Computer Policy Security Settings. User Rights Assignments and Security
Options are both Local Policies and are also part of the Local Computer Policy Security Settings.
24
Chapter Summary (Cont.) Password Policy controls passwords.
How often they must be changed How often they can be reused Their minimum length Their complexity Storing them in reverse encryption
Account Lockout Policy controls The lockout duration The number of invalid attempts before an account
is locked out The amount of time before the lockout counter is
reset
25
Chapter Summary (Cont.) User rights grant groups the privileges to
perform a specific task or control the way users can log on to a system.
Security options control How you enable, disable, or rename the
Administrator and Guest accounts How you manage interactive logon, network
clients, network access, and network security Internet Explorer security is configured in
Internet Options, which is accessed through Network And Internet Connections in Control Panel.