Friday, March 30, 2007

LOCAL SECURITY POLICY

You can also set advanced security options from the Security tab, available
in the shared file’s Properties dialog box. You saw this tab and this dialog
box during Step 2 earlier. For more information, view the Help and Support
files.

LOCAL SECURITY POLICY

You’ve had a few lessons in local security policies throughout this book,
but none addressing logon and password security. These are called account
policies, and they allow administrators to create rules for users regarding
password age and length, complexity, and whether or not users can use
previously configured passwords. Administrators can also decide what to do
if and when a user has a specific number of failed logon attempts, including
whether or not they will be locked out of the computer and, if so, for how long.

These policies are not set by default. If multiple users access the
computer and you want passwords to be as secure as possible, consider
creating password policies. If the computer is available to cleaning crews,
children, the public, employees, or strangers when you aren’t around, you
should strongly consider creating policies that address account lockout
when failed logon attempts are made. A would-be hacker won’t get very far
if they get locked out for an hour after three failed logon attempts. And, if
a user really does forget the password, you can reset it quickly.

Configure Password Requirements

Complex passwords help secure the computer for everyone who uses it.
All account policies are set in Local Security Policy. To locate Local
Security Policy, open Control Panel | Administrative Tools | Local
Security Policy. In the Local Security Settings dialog box, expand Account
Policies and select Password Policy.

To set any policy, simply double-click it and make the changes desired.
Six options are listed, but only five of them apply to computers in a workgroup:
■ Enforce Password History: With this enabled, users cannot use
old passwords (up to the last 24).
■ Maximum Password Age: With this enabled, users must change
their password after a specific number of days.
■ Minimum Password Age: With this enabled, users must wait
a specific number of days before changing their password.
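
An added example, not part of the original text: the Python script below audits these account policies from an exported copy of the policy instead of the dialog box, reading the [System Access] section that secedit writes and listing every setting that falls short of a baseline. The three-attempt, one-hour lockout is the figure used in the text above; the 8-character minimum length, the 90-day maximum age and the sample export are assumptions made for the example.

```python
# Added example: audit the [System Access] section of a secedit export, made with
#   secedit /export /cfg policy.inf /areas SECURITYPOLICY
# SAMPLE is constructed: a machine where no account policy has been set.
SAMPLE = """\
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
"""

def parse_system_access(text):
    """Return the integer settings found under [System Access]."""
    settings, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[system access]"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value.lstrip("-").isdigit():
                settings[key] = int(value)
    return settings

def audit(s):
    """Return the account-policy settings weaker than the assumed baseline."""
    threshold = s.get("LockoutBadCount", 0)    # 0: accounts are never locked out
    duration = s.get("LockoutDuration", 0)     # minutes; -1: until an admin unlocks
    checks = [
        ("password history not enforced", s.get("PasswordHistorySize", 0) > 0),
        ("maximum password age unset or over 90 days",
         1 <= s.get("MaximumPasswordAge", -1) <= 90),   # 90 days is an assumption
        ("minimum password age is 0 days", s.get("MinimumPasswordAge", 0) > 0),
        ("minimum length under 8 characters",           # 8 is an assumption
         s.get("MinimumPasswordLength", 0) >= 8),
        ("complexity not enforced", s.get("PasswordComplexity", 0) == 1),
        ("no lockout within three failed logons", 1 <= threshold <= 3),
        ("lockout shorter than one hour",
         threshold == 0 or duration == -1 or duration >= 60),
    ]
    return [label for label, ok in checks if not ok]

if __name__ == "__main__":
    # A real export is UTF-16: open("policy.inf", encoding="utf-16").read()
    for finding in audit(parse_system_access(SAMPLE)):
        print("WEAK:", finding)
```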
