User Account Control (UAC) settings are a subset of the
Security Options settings described in the previous section. There
are ten policies that you can use to configure the behavior of UAC
on computers targeted by Group Policy, and these policies are the
same as those in Windows 7 and Windows Server 2008 R2.
One thing that has changed in Windows 8 and Windows Server
2012 is that it is no longer possible to completely disable UAC on
the computer. This is because the infrastructure that supports
running Windows 8 apps requires UAC. As a result, disabling UAC is
no longer supported on Windows 8.
Policies for basic auditing, which are found under Computer
Configuration\Policies\Windows Settings\Security Settings\Local
Policies\Audit Policy, allow you to audit account logon events,
privilege use, and other user or system activity.
Advanced Audit Policy Configuration
Policies for advanced auditing, which are found under Computer
Configuration\Policies\Windows Settings\Security Settings\Advanced
Audit Policy Configuration, perform auditing functions similar to
those performed by the basic audit policies found under Local
Policies\Audit Policy. However, the advanced audit policies allow
you to be more selective about the number and types of events you
want to audit. For example, while basic audit policy provides a
single setting for auditing account logons, advanced audit policy
provides four separate settings for this purpose.
One new type of advanced audit policy (Audit Removable
Storage) is shown in Figure 5. This new policy
provides you with the ability to track the usage of removable
storage devices. If this policy is enabled in a GPO that targets
users, an audit event is generated each time a user attempts to
access a removable storage device. Two types of audit events are
logged by this policy:
- Success audits (Event 4663) record successful attempts to
  write to or read from a removable storage device.
- Failure audits (Event 4656) record unsuccessful attempts
  to access removable storage device objects.
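To confirm that the policy has reached a computer and to review what it logs, the following PowerShell script checks the audit subcategory and summarizes the two events by user. It is an added example, not part of the original text. It assumes an elevated session, an English-language system (the "Removable Storage" subcategory and task category names are localized), and an arbitrary 5000-event window; the variable names are illustrative.

```powershell
# Added example: verify Audit Removable Storage and summarize its events.
# Run from an elevated PowerShell session on the audited computer.

# 1. Show the effective setting for the subcategory (applied by the GPO).
auditpol.exe /get /subcategory:"Removable Storage"

# 2. Read events 4663 and 4656 from the Security log. Both IDs are also used
#    by other object-access auditing, so keep only the records whose task
#    category is "Removable Storage" (assumption: English display name).
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663, 4656 } `
              -MaxEvents 5000 -ErrorAction SilentlyContinue |
          Where-Object { $_.TaskDisplayName -eq 'Removable Storage' }

# Keyword bit that marks a record as an Audit Failure (locale independent).
$auditFailure = 0x10000000000000

# 3. Flatten each record's EventData into the fields worth reviewing.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        Result  = if ($e.Keywords -band $auditFailure) { 'Failure' } else { 'Success' }
        User    = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        Object  = $data.ObjectName      # device or file path that was accessed
        Process = $data.ProcessName     # program that performed the access
    }
}

# 4. Who is using removable storage, and how often are attempts failing?
$rows | Group-Object User, Result |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 5. Most recent failed attempts, for follow-up.
$rows | Where-Object Result -eq 'Failure' |
    Sort-Object Time -Descending |
    Select-Object -First 20 |
    Format-Table Time, User, Process, Object -AutoSize
```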
AppLocker can be used to control which applications and files
users can run on their computers. AppLocker was introduced in
Windows 7 and Windows Server 2008 R2, and its policies are found
under Computer Configuration\Policies\Windows Settings\Security
Settings\Application Control Policies\AppLocker.
Software Restriction Policies
The Software Restriction Policies (SRP) feature was introduced
in Windows XP and Windows Server 2003 to provide administrators with
a policy-driven mechanism to identify programs running on machines
in a domain and to control how those programs can execute. SRP
settings are found under both Computer
Configuration\Policies\Windows Settings\Security Settings and User
Configuration\Policies\Windows Settings\Security Settings. SRP is
similar to AppLocker but has more limited functionality.
With the introduction of AppLocker in Windows 7 and Windows
Server 2008 R2, you should now use AppLocker instead of SRP if all
your client computers are running Windows 7 or later. Organizations
that include a mix of Windows 8, Windows 7, and older Windows
clients, however, can use a combination of AppLocker and SRP to lock
down their desktop application environments.
Configuring Windows Firewall with Advanced Security
Windows Firewall with Advanced Security provides host-based,
two-way network traffic filtering for Windows client and server
operating systems. Windows Firewall with Advanced Security was
introduced in Windows Vista and Windows Server 2008. Windows
Firewall with Advanced Security policies are found under Computer
Configuration\Policies\Windows Settings\Security Settings\Windows
Firewall with Advanced Security.