Review User Rights and Security Options


15 Review and evaluate the use of user rights and security options assigned to the elements in the security policy settings.

The default installation of Windows Server 2003 has 39 user rights settings and 70 security options. These settings and options allow broad, sweeping, and powerful changes to how the host will behave under many different situations.

Note 

Be very careful here. It is possible to lock yourself out, disable critical internal processes, and limit necessary functionality. It's strongly recommended that you thoroughly test any changes you make here in a test environment with any applications that may even possibly depend on the settings running on the system.

How

You'll find the security policies as they affect your system by typing rsop.msc or secpol.msc at the command line. After the GUI opens, select Computer Configuration | Windows Settings | Local Policies. Remember that you can export these settings by right-clicking the folder icon and selecting "Export."

Evaluate the settings you have here against the policies you have for your organization. There are several guides suggesting recommended settings, including Microsoft's website, the built-in security templates, the Center for Information Security guides (http://www.cisecurity.org), and of course, SANS (http://www.sans.org). The bottom line here is that you need to decide what your organization is looking to accomplish and audit against those settings. If your organization isn't using these settings at all, then you should take the initiative to spearhead a project to evaluate them. Here are some common settings for both.

Common security options include

  • Renaming guest and administrator accounts

  • Disabling the guest account

  • Choosing not to display the last logged on user

  • Prompting the user to change the password before expiration

  • Refusing enumeration of SAM accounts and shares by anonymous

  • Refusing to store network credentials (Be careful with this!)

  • Changing local-area network (LAN) manager responses (Be careful with this!)

Common user rights assignments include

  • Changing who can access the computer across the network

  • Defining who can log on locally

  • Denying access to the computer from the network

  • Denying logon through terminal services

  • Defining who can take ownership of file or other objects
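The export-and-compare step described above, written out as an added example (not from the book): it exports the local policy with secedit, parses the resulting INF, and reports a handful of the common security options and user rights listed above against a baseline. The baseline values, the temporary file path and the check descriptions are assumptions for illustration; substitute your organization's approved values.

```powershell
# Added example: audit selected security options / user rights against a baseline.
# Assumes Windows PowerShell 5.1 or later in an elevated session on the host under audit.
$inf = Join-Path $env:TEMP 'secpol-export.inf'   # assumed scratch path

# SECURITYPOLICY covers [System Access] and [Registry Values]; USER_RIGHTS covers [Privilege Rights]
secedit /export /cfg $inf /areas SECURITYPOLICY USER_RIGHTS | Out-Null

# Parse the INF export into section -> key -> value
$policy = @{}
$section = ''
foreach ($line in Get-Content $inf) {
    if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; $policy[$section] = @{}; continue }
    if ($section -and $line -match '^\s*([^=]+?)\s*=\s*(.*)$') {
        $policy[$section][$Matches[1]] = $Matches[2]
    }
}

# Registry values are stored as "<type>,<data>" (4 = REG_DWORD); rights are comma-separated *SIDs.
# Expected values below are constructed for this example, not a vendor baseline.
$baseline = @(
    @{ Section = 'System Access';   Key = 'EnableGuestAccount'; Expect = '0'
       Desc = 'Guest account disabled' }
    @{ Section = 'Registry Values'; Expect = '4,1'; Desc = 'Do not display last logged-on user'
       Key = 'MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName' }
    @{ Section = 'Registry Values'; Expect = '4,1'; Desc = 'No anonymous enumeration of SAM accounts and shares'
       Key = 'MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous' }
    @{ Section = 'Privilege Rights'; Key = 'SeDenyNetworkLogonRight'; Expect = '*S-1-5-32-546'
       Desc = 'Guests denied access to this computer from the network' }
)

function Normalize([string]$v) {
    # Rights lists are order-insensitive, so compare them as sorted SID sets
    if ($null -eq $v) { return $null }
    (($v -split ',') | ForEach-Object { $_.Trim() } | Sort-Object) -join ','
}

$results = foreach ($check in $baseline) {
    $actual = $null
    if ($policy.ContainsKey($check.Section)) { $actual = $policy[$check.Section][$check.Key] }
    [pscustomobject]@{
        Setting  = $check.Desc
        Expected = $check.Expect
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Status   = if ((Normalize $actual) -eq (Normalize $check.Expect)) { 'PASS' } else { 'REVIEW' }
    }
}
$results | Format-Table -AutoSize
Remove-Item $inf -ErrorAction SilentlyContinue   # the export contains policy details; do not leave it behind
```

A "REVIEW" row means the host differs from the baseline or the setting is not defined locally (it may be supplied by Group Policy, which rsop.msc will show); it is a finding to investigate, not automatically a failure.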

IT Auditing: Using Controls to Protect Information Assets
ISBN: B001TI1HNG
Year: 2004
Pages: 159