programming4us
programming4us
DESKTOP

Windows Server 2012 : Planning, implementing, and managing Group Policy (part 5) - User Rights Assignment, Security Options

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

2. Configuring security settings

As Figure 4 shows, Group Policy for Windows 8 and Windows Server 2012 includes numerous types of security settings. Most of these policies are per-machine settings found under Computer Configuration\Policies\Windows Settings\Security Settings in the Group Policy Management Editor, but there are also two types of policies found under User Configuration\Policies\Windows Settings\Security Settings as the figure shows.

The following sections briefly discuss some of these categories of security settings, including

  • User Rights Assignment

  • Security Options

  • User Account Control

  • Audit Policy

  • Advanced Audit Policy Configuration

  • AppLocker

  • Software Restriction Policies

  • Windows Firewall

Group Policy security settings for computers (above) and users (below).
Figure 4. Group Policy security settings for computers (above) and users (below).

User Rights Assignment

User Rights Assignment settings are found under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment, and you can use them to control the user rights assigned to users or security groups for computers targeted by the GPO. You can use these policies to specify users and security groups who should have rights to perform different kinds of tasks affecting the security of your Windows clients and servers. For example, you can control who can

  • Access computers from the network

  • Log on locally

  • Shut down the system

You can also specify who should have rights to perform critical administrative tasks, such as backing up and restoring files and directories, taking ownership of files and objects, and forcing the shutdown from a remote computer.

User Rights Assignment settings for Windows 8 and Windows Server 2012 are unchanged from those in Windows 7 and Windows Server 2008 R2.

Security Options

Security Options settings are found under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options, and you can use them to control a wide variety of security options for computers targeted by the GPO. For example, you can

  • Force users to log off when their logon hours expire

  • Disable Ctrl+Alt+Del for logon to force smartcard logon

  • Force computers to halt when auditing cannot be performed on them

Windows 8 and Windows Server 2012 include four new policies in this category:

  • Accounts: Block Microsoft accounts This policy prevents users from adding new Microsoft accounts on this computer.

  • Interactive logon: Machine account threshold The computer lockout policy is enforced only on computers that have BitLocker enabled for protecting operating system volumes. You should ensure that appropriate recovery password backup policies are enabled.

  • Interactive logon: Machine inactivity limit Windows notices the inactivity of a logon session and if the amount of inactive time exceeds the inactivity limit, the screen saver will run, locking the session.

  • Microsoft network server: Attempt S4U2Self to obtain claim information This security setting is used to support clients running a version of Windows prior to Windows 8 that are trying to access a file share that requires user claims. This setting determines whether the local file server will attempt to use Kerberos Service-For-User-To-Self (S4U2Self) functionality to obtain a network client principal’s claims from the client’s account domain.


Other  
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 5) - Monitoring system resources by using Performance Monitor
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 4) - Configuring and analyzing event logs
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 3) - Using Windows Action Center
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 2) - App history, Startup, Services
  •  Windows 8 : Monitoring, optimizing, and troubleshooting system health and performance (part 1) - Processes, Performance
  •  Windows Server 2008 and Windows Vista : Common GPO Troubleshooting Tools (part 3) - GPResult, GPOTool
  •  Windows Server 2008 and Windows Vista : Common GPO Troubleshooting Tools (part 2) - GPMC
  •  Windows Server 2008 and Windows Vista : Common GPO Troubleshooting Tools (part 1) - GPLogView
  •  Windows Server 2008 and Windows Vista : Using Event Logging for Troubleshooting (part 4) - Summary of Group Policy Event IDs
  •  Windows Server 2008 and Windows Vista : Using Event Logging for Troubleshooting (part 3) - Divide the Custom View of the Log into Three Phases
  •  
    Top 10
    Free Mobile And Desktop Apps For Accessing Restricted Websites
    MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
    TOYOTA CAMRY 2; 2.5 : Camry now more comely
    KIA SORENTO 2.2CRDi : Fuel-sipping slugger
    How To Setup, Password Protect & Encrypt Wireless Internet Connection
    Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
    Backup & Restore Game Progress From Any Game With SaveGameProgress
    Generate A Facebook Timeline Cover Using A Free App
    New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
    SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
    - Messages forwarded by Outlook rule go nowhere
    - Create and Deploy Windows 7 Image
    - How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
    - Creating and using an unencrypted cookie in ASP.NET
    - Directories
    - Poor Performance on Sharepoint 2010 Server
    - SBS 2008 ~ The e-mail alias already exists...
    - Public to Private IP - DNS Changes
    - Send Email from Winform application
    - How to create a .mdb file from ms sql server database.......
    programming4us programming4us
    programming4us
     
     
    programming4us