Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio
-
Upload
smith-nguyen-studio -
Category
Documents
-
view
228 -
download
0
Transcript of Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio
-
7/29/2019 Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio
1/7
Chuyn trang dnh cho k thut vin tin hcCHIA S - KINH NGHIM - HC TP - TH THUT
Windows Server 2008 - Part 6 - Local Policy & Local SercurityPolicy
Trong cng tc qun tr mng vic ng dng Group Policy vo cng vic l iu khng th thiu i vibt c nh qu tr mng no. Vi Group Policy ta c th ty bin Windows theo ch m vi ngis dng thng thng khng th lm c
Local Security Policy (chnh sch bo mt cc b).
Mnh xin gii thiu v Local security policy !C 2 cch vo Local Security Policy:
Cch 1: Vo start\run\gpedit.msc
Cch 2: nhp chut phi vo Start -> Properties -> Start menu -> Classic start menu ->Customize nh du check Display administrator tools v chn OK.
Sau vo Start Menu\Programs\Administrative Tools s thy Local Security Policy
Sau khi vo Local security policy mnh s c cc ng dng:Computer Configuration v User Configuration
y ti ch cp n phn Computer Configuration cn User Configuration cng tng t nhngvi quyn hn ch hn.
1/ Account Policy
* Vo Windows settings - > Sercurity settings -> account policies:a/ Password policy:
1 of 7
Smith Nguyen St
ttp://www.facebook.com/SmithNguyenStudio
http://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudio -
7/29/2019 Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio
2/7
Trong ny bao gm cc mc:# Password must meet complexity : khi t password cho wins phi c phc tp.(hoa,
thng, s, k t c bit)Mc nh tnh nng ny s b disable, gia tng ch bo mt bn nn Enable n ln
# Minimum password age: mc nh gi tr ny l 0 nu ta thay n bng con s khc 0 VD l 3 chnghn th user ch c quyn thay i password 3 ngy mt ln m thi.# Minimum password length: gia tng ch bo mt bn nn Enable tnh nng ny ln vi gitr >8 cho di ca password user lun mc an ton cao.# Enforce password history: nh bao nhiu password khng cho t trng.# Store password using reversible : m ho password.
b/ Account lockout policy:
# Account lockout threshold: kho account khi ng nhp sai. Bn nn cho gi tr ny l 3 trnh tnh trng hacker c gng d tm password ca bn, v nu hacker d pass sai qu 3 ln accountny s b lock trong vng 30 pht.Nu user ng nhp sai qu 3 ln dn n account user ny b lock bn c th unlock cho account nyngay tc th bng cch ng nhp vo vi quyn Administrator sau chn Computer Management ->Local user and group -> User
Sau double click vo account b lock b chn mc Account is locked out.
# Account lockout duration: kho account trong 30 pht khi ang nhp sai.# Reset account lockout counter after: xo b nh nh pass.
2/ Local policy
* Vo Windows settings - > Sercurity settings -> local policies:
2 of 7
Smith Nguyen St
ttp://www.facebook.com/SmithNguyenStudio
http://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudio -
7/29/2019 Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio
3/7
a/ User rights assignment:
# Deny logon locally: chn user khng cho ng nhp vo my tnh.# Change the system time: nhng ngi c thay i gi h thng.# Shutdown the system: nhng ngi c quyn tt my.
v cn nhiu tnh nng khc bn t ngm cu nh.
b/ Sercurity options:
# Interactive logon: Do not display last user name: Khi user logout my ca s ng nhp skhng ghi li account user va logon.# Interactive logon: Message text for users attempting to log on: Bn c th nhn gi mt nidung no ti cc user trc khi h logon vo my vi ni dung nhn gi y.# Interactive logon: Message title for users attempting to log on: Bn nhp tiu ca hp nidung nhn gi vo y.
3/ Administrative Templates* Vo Administrative Templates
a/ System
# Turns off Autoplay: vi tu chn l Enable (All drivers) bn s gim nguy c ly lan virus do ccthit b ngoi vi nh USB, CD
Lu : Sau khi tu chnh trong Group Policy thc thi cc thay i bn phi tin hnh logoffmyhoc vo Start chn Run nhp lnh gpupdate /forceV cn nhiu tnh nng khc na y ti ch gii thiu n bn khi qut v Local Policy & LocalSercurity Policy m thi phn cn li bn t tm hiu.
3 of 7
Smith Nguyen St
ttp://www.facebook.com/SmithNguyenStudio
http://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudio -
7/29/2019 Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio
4/7
Cc ng dng trong Local Policy & Local Sercurity Policy ca Windows Vista cng tng t nh trongWindows Server 2003, nhng v Windows Vista l mt win Client nn khi ta truy cp vo mt my Vistath n lun hiu rng bn l Guest cho d bn ng nhp vi bt c quyn hn g.Do bn phi vo Local Policies chn Sercurity Options# Accounts: Limit local account use of blank passwords to console logon only: Gii hn tikhon user c password trng ng nhpBn Disable n i
Trong mc Network access: Sharing and security model for local accounts: Chia s v bo mt cc tikhon cc bBn chn Guest only
Trong Windows Vista nu my bn dng trong phng internet bn c th chn ch Auto logonaccount gii hn quyn ca user truy cp nhm bo qun my tt hn. lm cng vic ny bn thc hin nh sau:To mt user mi vi tn l gccom1Logon vo Administrator
Vo Start chn Run nhp lnh control userpasswords2
4 of 7
Smith Nguyen St
ttp://www.facebook.com/SmithNguyenStudio
http://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudio -
7/29/2019 Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio
5/7
Ca s User Account hin ra
Bn chn user gccom1 v sau restart li myBy gi cc ln khi ng k tip Windows s khng dng li mn hnh chn Account na m s chythng vo user gccom1
to cu thng bo cho ngi dng khi ng nhp vo my tnh bn vo mc Interactive logon:Message text for users attempting to log on
5 of 7
Smith Nguyen St
ttp://www.facebook.com/SmithNguyenStudio
http://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudio -
7/29/2019 Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio
6/7
Nhp cu thng bo v Textbox
Tng t chn tip mc mc Interactive logon: Message title for users attempting to log on
Nhp dng tiu
6 of 7
Smith Nguyen St
ttp://www.facebook.com/SmithNguyenStudio
http://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudio -
7/29/2019 Windows Server 2008 - Part 6 - Local Policy - Local Sercurity Policy - Smith.N Studio
7/7
Xong u y bn ra Run g lnh cp nht gpupdate /force
By gi th a7ng nha65o vi Account gccom1 s thy xut hin mn hnh thng bo
OK mnh va trnh by xong phn Local Policy & Local Sercurity Policy trong 70-648 ca MCSA.
Cng ty TNHH u t pht trin tin hc GC ComChuyn trang k thut my vi tnh cho k thut vin tin hc
in thoi: (073) - 3.511.373 - 6.274.294
Website: http://www.gccom.net
Smith Nguyen St
tt // f b k /S ithN St di
http://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudiohttp://www.facebook.com/SmithNguyenStudio