Welcome to Maxi-Pedia Forum. Maxi-Pedia discussion forum is a free community inviting you to express your ideas and discuss various topics with other contributors.

November 24, 2024, 08:09:21 am *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Most Recent Posts:
Pages: [1]
  Print  
Author
Topic: 

Local Security Policy Recommended Changes?

 (Read 15209 times)
animal
Newbie
*
Posts: 2


« on: September 08, 2011, 02:36:19 pm »

Hi there!

What would you recommend changing (for security reasons) from the original default settings in secpol.msc.

I'm connecting directly to a modem with a single PC that's not used for file sharing or remote use etc.


Thanks for any help.

Regards,
animal
Logged
Maxi-Pedia Forum
« on: September 08, 2011, 02:36:19 pm »

 Logged
atari
Full Member
***
Posts: 121


« Reply #1 on: September 09, 2011, 10:33:12 am »

Hello,

I would recommend the following policies:

Code:
[b]Interactive logon: Do not require CTRL+ALT+DEL (disabled)[/b]
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
DisableCAD = 0

[b]Always use classic logon (enabled)[/b]
Local Computer Policy\Computer Configuration\Administrative Templates\System\Logon
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
LogonType = 0

[b]Interactive logon: Do not display last user name (enabled)[/b]
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
DontDisplayLastUserName = 1

[b]Hide entry points for Fast User Switching (enabled)[/b]
Local Computer Policy\Computer Configuration\Administrative Templates\System\Logon
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HideFastUserSwitching = 1

[b]Store passwords using reversible encryption (disabled)[/b]
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy

[b]Screen Saver (enabled)[/b]
User Configuration\Administrative Templates\Control Panel\Display
HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaveActive = 1

[b]Screen Saver timeout (enabled, 900 sec.)[/b]
User Configuration\Administrative Templates\Control Panel\Display
HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaveTimeOut = 900

[b]Password protect the screen saver (enabled)[/b]
User Configuration\Administrative Templates\Control Panel\Display
HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaverIsSecure = 1

[b]Configure Automatic Updates (enabled; 4 – Auto download and schedule)[/b]
Local Computer Policy\Computer Configuration\Adinistrative Templates\Windows Components\Windows Update
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
NoAutoUpdate= 0
AUOptions = 4

[b]Automatic Updates detection frequency (enabled; 16 hours)[/b]
Local Computer Policy\Computer Configuration\Adinistrative Templates\Windows Components\Windows Update
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
DetectionFrequency = 16
DetectionFrequencyEnabled = 1

[b]Allow Automatic Updates immediate installation (enabled)[/b]
Local Computer Policy\Computer Configuration\Adinistrative Templates\Windows Components\Windows Update
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
AutoInstallMinorUpdates = 1

[b]Shutdown: Clear virtual memory pagefile (disabled)[/b]
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
ClearPageFileAtShutdown = 1

[b]User Account Control: Run all administrators in Admin Approval Mode (enabled)[/b]
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

[b]User Account Control: Detect application installations and prompt for elevation (enabled)[/b]
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

[b]User Account Control: Switch to the secure desktop when prompting for elevation (enabled)[/b]
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

[b]User Account Control: Behavior of the elevation prompt for administrators in Admin Aproval Mode (Prompt for consent)[/b]
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

[b]User Account Control: Behavior of the elevation prompt for standard users (Automatically deny elevation requests)[/b]
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

Cheers.
Logged
animal
Newbie
*
Posts: 2


« Reply #2 on: September 09, 2011, 11:43:27 am »

that's excellent.

thank you for taking the time to reply.
Logged
atari
Full Member
***
Posts: 121


« Reply #3 on: September 12, 2011, 04:15:28 pm »

You are welcome.
Logged
Maxi-Pedia Forum
   

 Logged
Pages: [1]
  Print  
 
Jump to:  

Page created in 0.084 seconds with 21 queries. (Pretty URLs adds 0s, 0q)