CHAPTER 17
CONFIGURING GROUP POLICY AND LOCAL SECURITY POLICY
Lesson 1: Configuring Account Policies
Password policy allows you to improve security on your computer by controlling how passwords
are created and managed. You can specify the maximum length of time a password can be used
before the user must change it. You can also set the minimum password length.
You can configure Password Policy on a computer running Windows 2000 Professional by using
Group Policy or Local Security Policy. You use Group Policy to configure Password Policy as
follows:
the name Group Policy.
Security Settings/Account Policies/Password Policy.
Password Policy Settings
======================================================================
Settings            Description
======================================================================
Enforce Password    How many passwords to keep. A value of 0 indicates
History             that no password history is being kept. This is
                    the default. The range is from 0-24.

Maximum Password    The number of days before the user must change the
Age                 password. A value of 0 means the password will not
                    expire. The default is 42 days. The range is 0-999
                    days.

Minimum Password    The number of days the user must keep the password
Age                 before changing it. A value of 0 = the password
                    must be changed immediately. This is the default.
                    This setting prevents people from making 10
                    password changes in a row and then reusing their
                    favorite password. The range is 0-999.
======================================================================
winpro17.html PAGE 2
2001/12/18
Minimum Password    Range is 0-14. 0 = no password required. 0 is the
Length              default value. Policy for site, a geographic
                    location with an IP address.

Passwords Must      Options are enabled or disabled. Disabled is the
Meet Complexity     default. Capitals, numerals, punctuation, a
Requirements        combination of the three are required.

Store Password      The options are enabled or disabled. Default is
Using Reversible    disabled. Only used if Windows 2000 Professional
Encryption for All  is in a domain.
Users in the
Domain
======================================================================
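An added example (not part of the original notes) that models how Enforce Password History and Minimum Password Age work together: with a minimum age of 0 a user can make 10 changes in one sitting and return to a favorite password, while a minimum age of 1 day blocks that. The class and function names, the simulated clock and the SHA-256 digests used for the history are assumptions made for the illustration, not how Windows 2000 stores passwords.

```python
import hashlib
from dataclasses import dataclass, field

DAY = 86400  # seconds on the simulated clock

@dataclass
class PasswordPolicy:
    history_size: int = 0  # Enforce Password History, 0-24 (0 = none kept)
    min_age_days: int = 0  # Minimum Password Age, 0-999

    def __post_init__(self):
        if not 0 <= self.history_size <= 24:
            raise ValueError("Enforce Password History must be 0-24")
        if not 0 <= self.min_age_days <= 999:
            raise ValueError("Minimum Password Age must be 0-999")

@dataclass
class Account:
    policy: PasswordPolicy
    last_change: float = float("-inf")           # never changed yet
    history: list = field(default_factory=list)  # digests, newest last

    def change_password(self, new, now):
        """Apply both checks; return (accepted, reason)."""
        if now - self.last_change < self.policy.min_age_days * DAY:
            return False, "minimum password age not reached"
        digest = hashlib.sha256(new.encode()).hexdigest()
        size = self.policy.history_size
        if size and digest in self.history[-size:]:
            return False, "password is in history"
        self.history.append(digest)
        self.last_change = now
        return True, "changed"

def cycle_back_to_favorite(policy, gap_seconds=60, favorite="Favorite#1"):
    """Set a favorite, attempt history_size throwaway changes spaced
    gap_seconds apart, then try to set the favorite again."""
    acct = Account(policy)
    acct.change_password(favorite, now=0)
    for i in range(policy.history_size):
        acct.change_password(f"Throwaway#{i}", now=gap_seconds * (i + 1))
    return acct.change_password(favorite, now=gap_seconds * (policy.history_size + 1))

if __name__ == "__main__":
    for min_age in (0, 1):
        policy = PasswordPolicy(history_size=10, min_age_days=min_age)
        print(min_age, cycle_back_to_favorite(policy))
```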
Configuring Account Lockout Policy
If no account lockout policy is in place, an unauthorized user can repeatedly try to break into
your computer.
Lesson Summary:
your computer by making it more difficult for an unauthorized user to gain access.
If no Account Lockout policy is in place, unauthorized users can repeatedly try to break into
your computer.
Lesson 2: Configuring Security Options
The Security Options node lives under the Local Policies node. Close to 40 additional security
options are available here that allow you to increase the effective security on your computer.
Shutting Down the Computer Without Logging On:
By default, Windows 2000 Professional doesn’t require a user to be logged on to the computer to
shut it down. Security Options allows you to disable this feature and force users to log on to
the computer before it can be shut down.
Clear Virtual Memory Pagefile When System Shuts Down
By default, Windows 2000 Professional doesn’t clear the virtual memory pagefile when the
system is shut down. To enable this feature and clear the pagefile each time the system is
shut down, open the Group Policy snap-in, expand Local Computer Policy, expand
Computer Configuration, expand Windows Settings, expand Security Settings, expand
Local Policies, and then select Security Options. Right-click Clear Virtual Memory Pagefile
When System Shuts Down, and then click Enabled or Disabled.
Disable CTRL+ALT+DELETE
By default, Windows 2000 Professional requires users to press CTRL+ALT+DELETE to
log on to the computer. By disabling this requirement you reduce the security of the computer.
Keeping the requirement eliminates the Trojan horse program waiting to capture your password.
You set this option using the Group Policy snap-in.
Do Not Display Last User Name in Logon Screen
By default, Windows 2000 Professional displays the last user name to log on.
To enable this option and prevent the last user name from being displayed, in the console tree
of the Group Policy snap-in, expand Local Computer Policy/Computer Configuration/Windows
Settings/Security Settings/Local Policies, and then select Security Options.
For security purposes, you should disable the display of the last user name.
Lesson Summary:
password.