Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio

7/29/2019 Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio

1/7

Chuyn trang dnh cho k thut vin tin hcCHIA S - KINH NGHIM - HC TP - TH THUT

Windows Server 2008 - Part 6 - Local Policy & Local SercurityPolicy

Trong cng tc qun tr mng vic ng dng Group Policy vo cng vic l iu khng th thiu i vibt c nh qu tr mng no. Vi Group Policy ta c th ty bin Windows theo ch m vi ngis dng thng thng khng th lm c

Local Security Policy (chnh sch bo mt cc b).

Mnh xin gii thiu v Local security policy !C 2 cch vo Local Security Policy:

Cch 1: Vo start\run\gpedit.msc

Cch 2: nhp chut phi vo Start -> Properties -> Start menu -> Classic start menu ->Customize nh du check Display administrator tools v chn OK.

Sau vo Start Menu\Programs\Administrative Tools s thy Local Security Policy

Sau khi vo Local security policy mnh s c cc ng dng:Computer Configuration v User Configuration

y ti ch cp n phn Computer Configuration cn User Configuration cng tng t nhngvi quyn hn ch hn.

1/ Account Policy

* Vo Windows settings - > Sercurity settings -> account policies:a/ Password policy:

1 of 7

Smith Nguyen St

ttp://www.facebook.com/SmithNguyenStudio
http://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudio


2/7

Trong ny bao gm cc mc:# Password must meet complexity : khi t password cho wins phi c phc tp.(hoa,

thng, s, k t c bit)Mc nh tnh nng ny s b disable, gia tng ch bo mt bn nn Enable n ln

# Minimum password age: mc nh gi tr ny l 0 nu ta thay n bng con s khc 0 VD l 3 chnghn th user ch c quyn thay i password 3 ngy mt ln m thi.# Minimum password length: gia tng ch bo mt bn nn Enable tnh nng ny ln vi gitr >8 cho di ca password user lun mc an ton cao.# Enforce password history: nh bao nhiu password khng cho t trng.# Store password using reversible : m ho password.

b/ Account lockout policy:

# Account lockout threshold: kho account khi ng nhp sai. Bn nn cho gi tr ny l 3 trnh tnh trng hacker c gng d tm password ca bn, v nu hacker d pass sai qu 3 ln accountny s b lock trong vng 30 pht.Nu user ng nhp sai qu 3 ln dn n account user ny b lock bn c th unlock cho account nyngay tc th bng cch ng nhp vo vi quyn Administrator sau chn Computer Management ->Local user and group -> User

Sau double click vo account b lock b chn mc Account is locked out.

# Account lockout duration: kho account trong 30 pht khi ang nhp sai.# Reset account lockout counter after: xo b nh nh pass.

2/ Local policy

* Vo Windows settings - > Sercurity settings -> local policies:

2 of 7

Smith Nguyen St



3/7

a/ User rights assignment:

# Deny logon locally: chn user khng cho ng nhp vo my tnh.# Change the system time: nhng ngi c thay i gi h thng.# Shutdown the system: nhng ngi c quyn tt my.

v cn nhiu tnh nng khc bn t ngm cu nh.

b/ Sercurity options:

# Interactive logon: Do not display last user name: Khi user logout my ca s ng nhp skhng ghi li account user va logon.# Interactive logon: Message text for users attempting to log on: Bn c th nhn gi mt nidung no ti cc user trc khi h logon vo my vi ni dung nhn gi y.# Interactive logon: Message title for users attempting to log on: Bn nhp tiu ca hp nidung nhn gi vo y.

3/ Administrative Templates* Vo Administrative Templates

a/ System

# Turns off Autoplay: vi tu chn l Enable (All drivers) bn s gim nguy c ly lan virus do ccthit b ngoi vi nh USB, CD

Lu : Sau khi tu chnh trong Group Policy thc thi cc thay i bn phi tin hnh logoffmyhoc vo Start chn Run nhp lnh gpupdate /forceV cn nhiu tnh nng khc na y ti ch gii thiu n bn khi qut v Local Policy & LocalSercurity Policy m thi phn cn li bn t tm hiu.

3 of 7

Smith Nguyen St



4/7

Cc ng dng trong Local Policy & Local Sercurity Policy ca Windows Vista cng tng t nh trongWindows Server 2003, nhng v Windows Vista l mt win Client nn khi ta truy cp vo mt my Vistath n lun hiu rng bn l Guest cho d bn ng nhp vi bt c quyn hn g.Do bn phi vo Local Policies chn Sercurity Options# Accounts: Limit local account use of blank passwords to console logon only: Gii hn tikhon user c password trng ng nhpBn Disable n i

Trong mc Network access: Sharing and security model for local accounts: Chia s v bo mt cc tikhon cc bBn chn Guest only

Trong Windows Vista nu my bn dng trong phng internet bn c th chn ch Auto logonaccount gii hn quyn ca user truy cp nhm bo qun my tt hn. lm cng vic ny bn thc hin nh sau:To mt user mi vi tn l gccom1Logon vo Administrator

Vo Start chn Run nhp lnh control userpasswords2

4 of 7

Smith Nguyen St



5/7

Ca s User Account hin ra

Bn chn user gccom1 v sau restart li myBy gi cc ln khi ng k tip Windows s khng dng li mn hnh chn Account na m s chythng vo user gccom1

to cu thng bo cho ngi dng khi ng nhp vo my tnh bn vo mc Interactive logon:Message text for users attempting to log on

5 of 7

Smith Nguyen St



6/7

Nhp cu thng bo v Textbox

Tng t chn tip mc mc Interactive logon: Message title for users attempting to log on

Nhp dng tiu

6 of 7

Smith Nguyen St



7/7

Xong u y bn ra Run g lnh cp nht gpupdate /force

By gi th a7ng nha65o vi Account gccom1 s thy xut hin mn hnh thng bo

OK mnh va trnh by xong phn Local Policy & Local Sercurity Policy trong 70-648 ca MCSA.

Cng ty TNHH u t pht trin tin hc GC ComChuyn trang k thut my vi tnh cho k thut vin tin hc

in thoi: (073) - 3.511.373 - 6.274.294

Website: http://www.gccom.net

Smith Nguyen St

tt // f b k /S ithN St di

Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio

Documents

Transcript of Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio