programming4us
programming4us
DESKTOP

Windows Server 2012 : Planning, implementing, and managing Group Policy (part 5) - User Rights Assignment, Security Options

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire

2. Configuring security settings

As Figure 4 shows, Group Policy for Windows 8 and Windows Server 2012 includes numerous types of security settings. Most of these policies are per-machine settings found under Computer Configuration\Policies\Windows Settings\Security Settings in the Group Policy Management Editor, but there are also two types of policies found under User Configuration\Policies\Windows Settings\Security Settings as the figure shows.

The following sections briefly discuss some of these categories of security settings, including

  • User Rights Assignment

  • Security Options

  • User Account Control

  • Audit Policy

  • Advanced Audit Policy Configuration

  • AppLocker

  • Software Restriction Policies

  • Windows Firewall

Group Policy security settings for computers (above) and users (below).
Figure 4. Group Policy security settings for computers (above) and users (below).

User Rights Assignment

User Rights Assignment settings are found under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment, and you can use them to control the user rights assigned to users or security groups for computers targeted by the GPO. You can use these policies to specify users and security groups who should have rights to perform different kinds of tasks affecting the security of your Windows clients and servers. For example, you can control who can

  • Access computers from the network

  • Log on locally

  • Shut down the system

You can also specify who should have rights to perform critical administrative tasks, such as backing up and restoring files and directories, taking ownership of files and objects, and forcing the shutdown from a remote computer.

User Rights Assignment settings for Windows 8 and Windows Server 2012 are unchanged from those in Windows 7 and Windows Server 2008 R2.

Security Options

Security Options settings are found under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options, and you can use them to control a wide variety of security options for computers targeted by the GPO. For example, you can

  • Force users to log off when their logon hours expire

  • Disable Ctrl+Alt+Del for logon to force smartcard logon

  • Force computers to halt when auditing cannot be performed on them

Windows 8 and Windows Server 2012 include four new policies in this category:

  • Accounts: Block Microsoft accounts This policy prevents users from adding new Microsoft accounts on this computer.

  • Interactive logon: Machine account threshold The computer lockout policy is enforced only on computers that have BitLocker enabled for protecting operating system volumes. You should ensure that appropriate recovery password backup policies are enabled.

  • Interactive logon: Machine inactivity limit Windows notices the inactivity of a logon session and if the amount of inactive time exceeds the inactivity limit, the screen saver will run, locking the session.

  • Microsoft network server: Attempt S4U2Self to obtain claim information This security setting is used to support clients running a version of Windows prior to Windows 8 that are trying to access a file share that requires user claims. This setting determines whether the local file server will attempt to use Kerberos Service-For-User-To-Self (S4U2Self) functionality to obtain a network client principal’s claims from the client’s account domain.


Other  
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 5) - Monitoring system resources by using Performance Monitor
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 4) - Configuring and analyzing event logs
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 3) - Using Windows Action Center
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 2) - App history, Startup, Services
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 1) - Processes, Performance
  •  Windows Server 2008 and Windows Vista : Common GPO Troubleshooting Tools (part 3) - GPResult, GPOTool
  •  Windows Server 2008 and Windows Vista : Common GPO Troubleshooting Tools (part 2) - GPMC
  •  Windows Server 2008 and Windows Vista : Common GPO Troubleshooting Tools (part 1) - GPLogView
  •  Windows Server 2008 and Windows Vista : Using Event Logging for Troubleshooting (part 4) - Summary of Group Policy Event IDs
  •  Windows Server 2008 and Windows Vista : Using Event Logging for Troubleshooting (part 3) - Divide the Custom View of the Log into Three Phases
  •  
    Youtube channel
    Top 10
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
    - Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
    - Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
    REVIEW
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    programming4us programming4us
    programming4us
     
     
    programming4us