Chapter 13: Configuring Security Settings and Internet Options

1
Chapter 13 Configuring Security Settings and
Internet Options

• By the Objectives

2
Chapter Overview

• Configuring Account Policies
• Configuring User Rights
• Configuring Security Options
• Configuring Internet Options

3
Security Settings in the Local Computer Policy
Snap-In

• When you install the Group Policy snap-in and
  point it at the local computer, it is called the
  Local Computer Policy snap-in.
• Account Policies is one of the Security Settings
  in the Local Computer Policy snap-in.
• User Rights Assignments and Security Options are
  both Local Policies and are part of the Security
  Settings in the Local Computer Policy snap-in.

4
Lesson One Objective

• Configure Account Policies

5
Password Policy

• Improves security on your computer
• Controls how passwords are created and managed
• Specifies the length of time a password can be
  used
• Specifies the minimum password length
• Maintains a history of the passwords used

6
Password Policy Settings
7
Configuring Account Lockout Policy
8
Lesson Two Objectives

• Configure user rights

9
Understanding User Rights

• Can be assigned to groups or individual user
  accounts
• Should be assigned only to groups
• Are cumulative

10
Assigning User Rights
11
Logon Rights

• Access This Computer From The Network (or Deny)
• Log On As A Batch Job (or Deny)
• Log On As A Service (or Deny)
• Log On Locally (or Deny)
• Allow Logon Through Terminal Services (or Deny)

12
Lesson Three Objective

• Configure security options

13
Renaming the Administrator Account

• You cannot delete the Administrator account.
• You should rename the built-in Administrator
  account.
• To rename the built-in Administrator account
• 1. Right-click Accounts Rename The Administrator
  Account.
• 2. Click Properties.
• 3. Type the new name, and then click OK.

14
Configuring Other Settings to Improve Logon
Security

• Rename the built-in Guest account.
• Limit the number of times users can log on to a
  Microsoft Windows domain using cached account
  information.
• Interactive Logon Number Of Previous Logons To
  Cache
• Prevent the storing of credentials and .NET
  Passports.
• Network Access Do Not Allow Storage Of
  Credentials Or .NET Passports For Network
  Authentication

15
Shutting Down the Computer Without Logging On

• By default, Microsoft Windows XP Professional
  does not require a user to be logged on to the
  computer to shut it down.
• To force users to log on to the computer before
  they can shut it down
• 1. Right-click Shutdown Allow System To Be Shut
  Down Without Having To Log On.
• 2. Click Properties.
• 3. Select Disable to force users to log on before
  they can shut down the computer.
• To use this setting, the computer must be a
  member of a domain or you must turn off the use
  of the Welcome screen.

16
Clearing the Virtual Memory Pagefile on Shutdown

• By default, Windows XP Professional does not
  clear the virtual memory pagefile when the system
  is shut down.
• The data in the pagefile might be accessible to
  users who are not authorized to view that
  information.
• To have Windows XP Professional clear the
  pagefile on shutdown
• 1. Right-click Shutdown Clear Virtual Memory
  Pagefile.
• 2. Click Properties.
• 3. Select Enabled.

17
Disabling CtrlAltDelete Requirement for Logon
18
Preventing the Display of the Last User Name in
Logon Screen
19
Lesson Four Objective

• Configure Internet options

20
Using Internet Options

• Allows you to
• Configure Microsoft Internet Explorer 6.0
• Specify the first Web page you see when you start
  Internet Explorer
• Delete temporary Internet files stored on your
  computer
• Use Content Advisor to block objectionable
  materials on your computer
• Set your security level

21
Configuring Internet Options
22
Using the Security Tab
23
Using the Privacy Tab
24
Using the Content Tab
25
Using the Connections Tab
26
Using the Programs Tab
27
Using the Advanced Tab
28
Chapter Summary

• Local Computer Policy Security Settings
• Account Policies is one of the Local Computer
  Policy Security Settings.
• User Rights Assignments and Security Options are
  both Local Policies and are also part of the
  Local Computer Policy Security Settings.

29
Chapter Summary (Cont.)

• Password Policy controls passwords.
• How often they must be changed
• How often they can be reused
• Their minimum length
• Their complexity
• Storing them in reverse encryption
• Account Lockout Policy controls
• The lockout duration
• The number of invalid attempts before an account
  is locked out
• The amount of time before the lockout counter is
  reset

30
Chapter Summary (Cont.)

• User rights grant groups the privileges to
  perform a specific task or control the way users
  can log on to a system.
• Security options control
• How you enable, disable, or rename the
  Administrator and Guest accounts
• How you manage interactive logon, network
  clients, network access, and network security
• Internet Explorer security is configured in
  Internet Options, which is accessed through
  Network And Internet Connections in Control
  Panel.