Local Security Policy

Day04

Lab Name:Local Security Policy

Tutorial description:To better manage computer user logon

Tutorial topology:Omitted

Tutorial steps:

Step 1

The Local Security Policy affects the security settings of the local computer.

Method for entering the security policy:Control Panel --- Administrative Tools ----- Local Security Policy

Command: secpol. MSC

Step 2

Account Policy

Password Policy:

• The password must meet the complexity requirements:English letters, uppercase letters, and lowercase numbers.

• Minimum password length:If the value range is 0 to 14, the password is not required.

• Minimum Password validity period:The default value is 0, indicating that the password can be changed at any time.

• Maximum Password Validity Period: The default value is set to 0 for 42 days, indicating that the password will never expire. The value ranges from 0 to days.

• Force password history:Recently used passwords are not allowed. The value ranges from 0 to 24.

• Use recoverable encryption to Store Passwords:Applications that enable this policy will reduce security. This policy is generally not enabled.

Account lock policy:

• Reset Account lock counter:Wait for a certain period of time (set here) to clear the original input records. [This generally does not exceed the account lock time, otherwise it will be meaningless]

The user enters the wrong password to start timing. After this time, the counter is reset to 0. This time must be less than or equal to the account lock time. Note: The Account Policy is invalid for the local administrator account.

• Account lock time: The waiting time for the lock after multiple incorrect passwords are entered. If you do not operate the computer within the specified time, the lock mode is enabled.

How long will the Account be automatically unlocked. The Unit is minute. The value range is 0 ~ 99999.0 indicates that the account must be manually unlocked by the Administrator.

• Account lock threshold (Yu) Value: Enter the wrong password several times and lock the account. The default value 0 in the range of 0--999 indicates that the account is not locked.

Step 3

Local policy:

Audit Policy:

• Audit Policy Changes: Whether to record operation events of logon users in security logs.

In the Windows Log in the time viewer of the management tool in the control panel, the key indicates that the operation is successful, and the lock indicates that the operation fails.

Concept of user permission assignment for users and groups-by default, all users created belong to the user group.

• Shut down the system

• Change System Time

• Deny local Logon

• Allow local Login

• Deny access to this computer from the network

Note: deny is preferred when both denial and consent are added.

Security Options:

• Message Title text when a user attempts to log on

• Sharing and security modes of local accounts for network access (Classic and guest only)Classic is the login user, otherwise it is only the Guest user.

• A local account with a blank password can only log on to the console.. You cannot log on through the network.

Step 4

Local Group Policy in winserver2008

Group Policy: a set of policies (not related to the Group)

1. Run gpedit. MSC to open the Local Group Policy.

2 Including computer configuration and user configuration

1) blocked reason for disabling win2008 Shutdown

Single-host computer configuration-management template-system-double-click the right side to display "close time tracking program"-select Disabled-OK

2) Delete shutdown from the menu. Restart. Sleep and sleep

Single and User Configuration | management template | Start Menu and taskbar | double-click the DELETE command on the right and select "enabled" for the commands to stop, restart, sleep, and sleep.

Delete the Security and link tab in the Internet option of the browser internetexport

Single-host User Configuration | management template | Windows Components | internetexport | Internet Control Panel

Double-click the Disable link page and disable security page to select Enabled

Experiment conclusion:The course of the day can basically keep up with the pace of the teacher's speech.