Using Administrative Tools to Protect your Small Business PCs

Administrative Tools allow you to set local user policies to prevent other users of the computer from doing harm. You can set rules for passwords and logon attempts to heighten the security of the computer. You can also view events like failed logon attempts. Any tool that gives you more control over your computer, who accesses it, and what they can do while at the computer is a great security asset.

Local security policies can be configured to secure your computer from the people who have access to it, including the night staff, additional users, or coworkers. You’d be surprised just how much damage someone can do in a short period of time, whether it’s intentional or not.

There are hundreds of policy settings, but we'll look first at some of the less-complicated options. By configuring these policies, you can prevent malicious access of your computer by locking the computer after a specific number of failed logon attempts, you can require users of the computer to use complicated passwords so they cannot be easily guessed, and you can require users to press Ctrl+Alt+Del to log on (just to name a few options).

Listed next are some of the more common security changes you can make..

• Enforce Password History: Used to determine how many days a password can be remembered in the password history. This is best left at 0 days, thus requiring each user to type in their password each time they log on. The default is 0. For maximum security, set a password and use it each time.

• Maximum Password Age: Used to determine how many days a password can remain active until it expires and must be changed. The default is that the password never expires; however, this might need to be changed if other people have access to the computer and have time to try to guess a password. I set mine to expire every 15 days.

• Minimum Password Age: Used to determine how many days a password must be kept before it can be changed. The default is 0 days, meaning the password can be changed immediately and at any time. This default is recommended.

• Minimum Password Length: Used to configure how many characters must be in a password. The default is 0, but a password containing at least 7 characters is much more secure.

• Password Must Meet Complexity Requirements: Disabled by default, this setting allows you to require complex passwords containing uppercase and lowercase letters, numbers, and symbols.

• Account Lockout Threshold: Used to configure how many logon attempts can be made before the account is locked. By default, no lockout threshold is set. For extra security, change this setting to 3 or 5 tries and configure the Account Lockout Duration setting.

• Account Lockout Duration: Used to configure how long an account will be locked out if the account lockout threshold has been met. If an account lockout threshold has been set, the default is 30 minutes.

• Reset Account Lockout Counter After: Used to configure how soon the Account Lockout Threshold counter will be reset after it is locked. Similar to the Account Lockout Duration setting, the default is 30 minutes. After 30 minutes, the user can try to log on again.

• Accounts: Rename Guest Account: Allows an administrator to change the Guest account name.

• Devices: Unsigned Driver Installation Driver Behavior: Determines whether unsigned drivers can be installed. To prevent unsigned drivers from ever being installed, choose the Do Not Allow Installation choice. The Warn But Allow Installation option is the default.

• Interactive Logon: Message Text For Users Attempting To Log On: Allows an administrator to configure a message that each user, upon logon, will need to read.

• Interactive Logon: Do Not Require Ctrl+Alt+Del: Allows you to define whether this key combination is required of users who log on. By default, it is not required.

If you share a computer with another person, or if your computer can be accessed by others, either at night or when you are away from your office, you should consider configuring some of the local security polices listed in the previous section to protect the computer and your users. Here’s how:

1. Open the Control Panel, and if you are using Category view, click Performance And Maintenance. Click Administrative Tools. (If you don't see an Administrative Tools icon, use Start> Search, and search for the Administrative Tools folder.)

2. Open Local Security Policy. Expand Account Policies and click Password Policy.

3. Double-click any password policy to change. Figure 16-9 shows the Maximum Password Age Properties dialog box. Notice it’s been changed from the default of 0 to 15 days. Click OK.

4. Repeat these steps to set account lockout policies and security options.

You can be sure with these settings that your computer is more secure and protected than ever. When you are finished configuring the settings, simply close the Local Security Settings window. Your changes will be automatically saved.

More Ways to Protect Your PCs:

Vista's BitLocker Drive Encryption - What You Need to Know to Get Started

Windows Vista and Office 2007 – You need anti-virus software

Windows Vista Security Center - Almost Everything You Need