Fall 2011 Nassau Community College ITE153 – Operating Systems Session 22 Local Security Policies
Overview
• Introducing Local Security Policies
• Four Categories
• Configuring Password Policy
• Account Lockout Policy
• Security Options
• IP Security Policies
Session 22: Windows 7 Professional Local Security Policies
Local Security Policies
• A Group Policy object contains an extensive profile of security permissions that apply primarily to the security settings of a domain or a computer (rather than to users)
• Group policies for local computers that do not use the Active Directory are set using Local Security Policies
• Because a computer can have more than one policy setting applied to it, security policy settings can conflict with each other.
• The order of precedence from highest to lowest is: OU => domain => local computer
Local Security Policies
Local Security Policies apply to a computer and contain these subsets:
• Audit policy. Determines whether security events are written to the security log in Event Viewer on the computer. Also determines whether to log successful attempts, failed attempts, or both
• User rights assignment. Determines which users or groups have logon rights or privileges on the computer
• Security options. Enables or disables security policy settings for the computer, such as digital signing of data, Administrator and Guest account names, floppy disk drive and CD drive access, driver installation, and logon prompts
Local Security Policies
There are four categories of local security policies:
• Account Policies
• Local Policies
• Public Key Policies
• IP Security Policies
Local Security Policies
Two ways to get to it:
• Control Panel => System and Security => Administrative Tools => Local Security Policy
• mmc secpol.msc
Account Policies
• Password and account lockout policies
• Set number of invalid logon attempts
• Lock account indefinitely
Local Policies
• Prevents last user name logged on from appearing
• Shutdown without being logged on
• Lock account indefinitely
• Force logoffs
Public Key Policies
• Deals mainly with recovery and encryption
IP Security Policies
• Network security rules
• IP Filtering
… And More Policies
Lab A: Local Security Policies
Configuring Password Policy
• Enforce password history – how many old passwords
• Maximum password age – days to keep a particular password
• Minimum password age – prevents changing the password back
• Minimum password length – number of characters
• Password complexity requirements – disabled by default
Lab B: Configuring Password Policy
Account Lockout Policy
• Prevents users from guessing passwords
• Account lockout duration – minutes account is locked out
• Account lockout threshold – number of invalid logons
• Reset account lockout counter after – number of minutes that must elapse after a failed logon attempt
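An added example, not part of the original slides: a PowerShell script that reads the [System Access] section of a `secedit /export` file and compares the password policy and account lockout settings listed above with a baseline. The sample export and the baseline thresholds are constructed for illustration, and `Get-SystemAccessSetting` is a hypothetical helper name.

```powershell
# Constructed sample of the file written by (elevated prompt):
#   secedit /export /cfg C:\Temp\secpol.inf /areas SECURITYPOLICY
# To audit a real machine, replace $sample with: Get-Content C:\Temp\secpol.inf
$sample = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
'@ -split "`r?`n"

function Get-SystemAccessSetting {
    # Hypothetical helper: returns the numeric keys of [System Access] as a hashtable.
    param([string[]]$Lines)
    $settings = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
        if ($inSection -and $t -match '^(\w+)\s*=\s*(-?\d+)$') { $settings[$Matches[1]] = [int]$Matches[2] }
    }
    $settings
}

# Illustrative baseline (an assumption for this example, not taken from the slides).
$baseline = @(
    @{ Key = 'PasswordHistorySize';   Policy = 'Enforce password history';            Test = { param($v) $v -ge 5 } }
    @{ Key = 'MinimumPasswordAge';    Policy = 'Minimum password age';                Test = { param($v) $v -ge 1 } }
    @{ Key = 'MinimumPasswordLength'; Policy = 'Minimum password length';             Test = { param($v) $v -ge 12 } }
    @{ Key = 'PasswordComplexity';    Policy = 'Password complexity requirements';    Test = { param($v) $v -eq 1 } }
    @{ Key = 'LockoutBadCount';       Policy = 'Account lockout threshold';           Test = { param($v) $v -ge 1 -and $v -le 10 } }
    @{ Key = 'LockoutDuration';       Policy = 'Account lockout duration';            Test = { param($v) $v -ge 15 } }
    @{ Key = 'ResetLockoutCount';     Policy = 'Reset account lockout counter after'; Test = { param($v) $v -ge 15 } }
)

$current = Get-SystemAccessSetting -Lines $sample
foreach ($rule in $baseline) {
    $value = $current[$rule.Key]   # $null when the key is absent from the export
    $status = if ($null -eq $value) { 'NOT SET' } elseif (& $rule.Test $value) { 'OK' } else { 'REVIEW' }
    [pscustomobject]@{ Policy = $rule.Policy; Key = $rule.Key; Value = $value; Status = $status }
}
```

With the constructed sample, the five settings present in the export are reported as REVIEW and the two lockout timers, which are absent from it, as NOT SET.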
Lab C: Account Lockout Policy
Security Options
• Interactive logon: Do not display last user name
• This security setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen.
User Rights Assignment
• Change the Time Zone
• This user right determines which users and groups can change the time zone used by the computer for displaying the local time, which is the computer's system time plus the time zone offset.
Lab D: Security Options
IP Security Policies
• Used for building firewalls
• Uses a wizard and IP filters
Important URLs
• Local Users and Groups - use Local Users and Groups to create and manage users and groups that are stored locally on a computer
• Local Users and Groups - similar to link above but for Windows 7, Windows Server 2008, Windows Server 2008 R2
• Local Users and Groups best practices - excellent tips
• Microsoft Security Administrators Guide - security administrators guide. Also available in PDF format.
• Microsoft Security TechCenter - links to technical bulletins, advisories, updates, tools, and prescriptive guidance. This is a very good site to visit frequently
Homework
• Review the Slides
• Review Lesson 12 In The Text