Leave a comment

Using The Group Policy Editor to Secure Your Computer

Written by:  • Edited by: Bill Bunter
Updated May 6, 2010 • Related Guides: Microsoft | Windows Vista | Windows XP

The Security Policies and Group Policies in major Microsoft operating systems allow for the control and tightening of security. With Windows XP Professional, Windows Vista and Windows 7 Beta, these policies help to lock down individual settings.

Policies

Even old administrators like me are often left scratching their heads wondering what Microsoft's Security Policy or Group Policy means or wants. In this series we will examine the different lines of mysterious and not so mysterious lines in the policies. These settings allow for the ultimate control of local computers. The sole purpose of these tweaks allows for the compliance of security and control of the workstation.

Policies the Basics

The following information is found under gpedit.msc or the security policy under the control panel

Although these areas appear to repeat themselves, let's examine these line by line-

  1. Computer Configuration\Windows Settings\Account Policies\Password Policy
  2. Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy
  3. Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
  4. Computer Configuration\Windows Settings\Local Policies\Audit Policy

Password Policy - What It Really Means

Computer Configuration\Windows Settings\Account Policies\Password Policy

Enforce password history - This setting keeps track of your passwords and will not allow a password to be reused within a given time

Maximum password age - The longest period of time a password can be used before the system requires a change

Minimum password age - The minimum amount of time a password can be used before it can be changed

Minimum password length - The minimum number of characters a password must be

Password must meet complexity requirement - The passwords cannot contain the user's account name or parts of the user's full name and cannot exceed two consecutive characters on the aforesaid information, the password must be at leastsix characters in length, and must contain upper characters (A - Z), lowercase (a - z), numbers (0 - 9) and contain symbols.

Lockout Policy Meanings

Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy

Account lockout duration - This specifies the time a user will be locked out if the user puts in the wrong username or password

Account lockout threshold - This determines the number of times a username and password can be put in before action is taken

Reset lockout counter after - This setting determines when the account will be reset and the user can try again

Showing page 1 of 2
1
We Also Recommend...
 
blog comments powered by Disqus
Computer Security
FEATURED AUTHORS
Sylvia Cochran Brian Healy Joe Taylor Jr. Anurag Ghosh
R.L. Flowers veikoh zero1 PreciousJohnDoe
Most Popular Articles
Email to a friend