Академический Документы
Профессиональный Документы
Культура Документы
account Computer Configuration\ Administrative Templates\ System\ Internet Communication Management\ Internet Communication settings\ Turn off Windows Error Reporting Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Interactive logon: Require smart card Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Interactive logon: Smart card removal behavior Computer Configuration\ Windows Settings\ Security Settings\ Account Policies\ Password Policy\ Password must meet complexity requirements Computer Configuration\ Windows Settings\ Security Settings\ Account Policies\ Password Policy\ Minimum password length Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ User Rights Assignment\ Deny access to this computer from the network Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Accounts: Administrator account status
Values
Define this policy - No Action - Lock Workstation - Force Logoff - Disconnect if a remote Terminal Srevices session Define this policy - Enable - Disable
Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ User Rights Assignment\ Deny log on as a batch job Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ User Rights Assignment\ Deny log on through Terminal Services Computer Configuration\ Windows Settings\ Security Settings\ System Services\ (All services) Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Accounts: Rename guest account Computer Configuration\ Windows Settings\ Security Settings\ Event Log\ Maximum log size, Retain, Retention method Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Microsoft network client: Digitally sign communications (always) Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Microsoft network client: Digitally sign communications (if server agrees) Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Microsoft network server: Digitally sign communications (always)
Default disabled
Default enabled
Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Microsoft network server: Digitally sign communications (if client agrees) Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Domain controller: LDAP server signing requirements Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Network security: LDAP client signing requirements Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Audit Policy\ Audit account logon events Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Audit Policy\ Audit logon events Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Audit Policy\ Audit account management Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Audit Policy\ Audit policy change Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Audit Policy\ Audit privilege use
Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Audit Policy\ Audit process tracking Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Audit Policy\ Audit system events Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Audit Policy\ Audit object access Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Audit Policy\ Audit directory service access Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Network security: LAN Manager authentication level Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options\ Network security: Do not store LAN Manager hash value on next password change User Configuration\ Windows Settings\ Internet Explorer Maintenance\ Security\ Security Zones and Content Ratings User Configuration\ Windows Settings\ Internet Explorer Maintenance\ Security\ Authenticode Settings Computer Configuration\ Administrative Templates\ Windows Components\ Internet Explorer\ Pop-up allow list
User Configuration\ Administrative Templates\ Windows Components\ Internet Explorer\ Pop-up allow list Computer Configuration\ Windows Settings\ Security Settings\ Software Restriction Policies User Configuration\ Windows Settings\ Security Settings\ Software Restriction Policies Computer Configuration\ Administrative Templates\ Network\ Offline Files\ Prohibit user configuration of Offline Files Computer Configuration\ Administrative Templates\ Network\ Offline Files\ Encrypt the Offline Files cache User Configuration\ Administrative Templates\ Network\ Offline Files\ Prohibit user configuration of Offline Files Computer Configuration\ Windows Settings\ Security Settings\ Public Key Policies\ Encrypting File System -> Properties -> Allow users to encrypte files using EFS Computer Configuration\ Administrative Templates\ Network\ Network Connections\ Windows Firewall Computer Configuration\ Administrative Templates\ System\ Group Policy\ User Group Policy loopback processing mode Computer Configuration\ Administrative Templates\ Windows Components\ Windows Update\ Configure Automatic Updates Computer Configuration\ Administrative Templates\ Windows Components\ Windows Update\ Specify intranet Microsoft update service location
- Replace - Merge
Computer Configuration\ Administrative Templates\ Windows Components\ Windows Update\ Enable client-side targeting Computer Configuration\ Windows Settings\ Security Settings\ IP Security Policies on Active Directory() Computer Configuration\ Windows Settings\ Security Settings\ Wireless Network (IEEE 802.11) Policies Computer Configuration\ Windows Settings\ Security Settings\ Public Key Policies\ Autoenrollment Settings User Configuration\ Windows Settings\ Security Settings\ Public Key Policies\ Autoenrollment Settings
Remark
To disable the local Administrator account. Under Safe Mode boot, the Administrator account is always enabled, regardless of this setting
SMB signing
SMB signing
SMB signing
SMB signing
LDAP signing
LDAP signing
To log account authentication related events. - On DC, when using domain account - On local, when using local account To audit each logon/logoff
eg. changes to user rights assignment policies, audit policies, or trust policies
audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log eg. file, folder, registry key, printer access