Running head: MANAGING DESKTOP SECURITY 1

Managing Desktop Security

Name

Institution Affiliation
MANAGING DESKTOP SECURITY 2

Managing Desktop Security

Each organization faces security threats, and the types of security threats that affect

one organization most can vary completely from another. The one thing that is common to all

organizations is the need to keep their apps and devices safe. These devices must comply

with the organization's safety standards (or safety baselines). In order to help increase

flexibility and reduce costs and complexity, Microsoft suggests that companies adopt a well-

known and well-tested industry-standard security model, such as the Microsoft Security

Baselines, and stick to well-known and proven solutions, as opposed to creating a custom

configuration template for itself. Group policy is a Microsoft Windows Active Directory

feature that adds additional user and device account controls (Dalton & Curtis, 2001). Group

policies provide user computing environments with centralized management and operating

systems settings. Group policies are another way to secure user computers from intrusion and

infringement of data.

There are some basic group policy settings that can make your network far more

secure than without them if properly configured. By configuring computers' security and

functional actions through Group Policy (a group of device registry settings), you can make

your organizational network safer. Through Group Policy, you can prohibit users from

accessing specific resources, running scripts, and performing simple tasks such as requiring

each user in the network to open a particular home page.

I being the most technical employee in the organization and needed to tackle and

provide group policy recommendations that would protect the organization from insider

threats, I would recommend;

1. Controlling End Users in logging on as Administrators - Up to 70 percent of all

network attacks could be avoided if the end user of the system was not logged in as a member

of the group of administrators. Administrators also give local administrator privileges to end
MANAGING DESKTOP SECURITY 3

users so that they can install or run programs on their computers, but if you do this, you give

away the keys to the kingdom (Greene & Tim, 2009). By not allowing regular users to have

administrator rights, you can prevent the installation of new programs. Normally, non-

administrators are unable to download software.

2. Rename the Administrator and other Highly Privileged Accounts - Most threats are

computerized and are programmed to search for Administrator accounts. Although the well-

known administrator SID cannot be modified, most malware and hackers are not operating at

SID level. Rename sensitive accounts that seem to be a regular user account. Then create fake

replacement profiles, even the default descriptions are simulated. Restrict these accounts

heavily and provide them with long, complex passwords (15 characters or more), then check

them for unauthorized access.

3. Use firewalls and antivirus, antispam, and antispyware solutions - Each PC should be

protected by a firewall that is host-based, or personal. Windows Firewall (or ICF) is the best

firewall for the job. By default it will reject all incoming connections that were not initiated

by an outgoing connection before. This feature defeats the door beating malicious mobile

software. Although firewalls and antivirus software will not block all bad programs from

entering your computer, they are doing a good job of preventing most of the threats.

4. Block access to dangerous files - A standard Windows installation includes many

executable files that an attacker is far more likely to use maliciously than a trustworthy user is

legitimately. Delete the ability of non-admin users to read and execute certain files while

checking the NTFS permissions. (For all authenticated users, all files in Windows and

System32 directories are allowed to be read and executed by default.) Make sure you only

delete permissions. Do not do anything like Deny-All to users or group everyone —

administrators are also included in those groups.

MANAGING DESKTOP SECURITY 4

5. Screen saver timeout and password protect the screen saver – When the computer is

not in use for quite pattern of minutes, would adjust it on how it would timeout within set

minutes patterns, and workers would be required to enter a login password so that they can

continue accessing the computer. This would limit cases of other casual employees with other

intentions to access the information stored in computers.

Having these policies would see numerous adjustments to the organization way of

protecting information, and minimizing cases of insider threats that would sabotage the

operations of the organization. Among the preventions met by this policies would be;

 Ease of management

 Password policy enforcement

 Folder restrictions

 One stop administration.

MANAGING DESKTOP SECURITY 5

References

Dalton & Curtis. (2001). Managing Remote Desktop Firewalls. To protect your network and

its remote client systems, you must face and tackle the daunting task of building a remote

security solution. (Industry Trend or Event). Network Magazine, 84.

Greene & Tim. (2009). IBM software to ease multivendor security management; IBM is

introducing software that lets customers manage multivendor desktop security agents via a

single console. Network World, Network World, March 12, 2009.