Title: Local Security Policy Recommended Changes? Post by: animal on September 08, 2011, 02:36:19 pm Hi there!
What would you recommend changing (for security reasons) from the original default settings in secpol.msc. I'm connecting directly to a modem with a single PC that's not used for file sharing or remote use etc. Thanks for any help. Regards, animal Title: Re: Local Security Policy Recommended Changes? Post by: atari on September 09, 2011, 10:33:12 am Hello,
I would recommend the following policies: Code: [b]Interactive logon: Do not require CTRL+ALT+DEL (disabled)[/b] Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system DisableCAD = 0 [b]Always use classic logon (enabled)[/b] Local Computer Policy\Computer Configuration\Administrative Templates\System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System LogonType = 0 [b]Interactive logon: Do not display last user name (enabled)[/b] Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System DontDisplayLastUserName = 1 [b]Hide entry points for Fast User Switching (enabled)[/b] Local Computer Policy\Computer Configuration\Administrative Templates\System\Logon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System HideFastUserSwitching = 1 [b]Store passwords using reversible encryption (disabled)[/b] Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy [b]Screen Saver (enabled)[/b] User Configuration\Administrative Templates\Control Panel\Display HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaveActive = 1 [b]Screen Saver timeout (enabled, 900 sec.)[/b] User Configuration\Administrative Templates\Control Panel\Display HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaveTimeOut = 900 [b]Password protect the screen saver (enabled)[/b] User Configuration\Administrative Templates\Control Panel\Display HKEY_USERS\.DEFAULT\Control Panel\Desktop\ScreenSaverIsSecure = 1 [b]Configure Automatic Updates (enabled; 4 – Auto download and schedule)[/b] Local Computer Policy\Computer Configuration\Adinistrative Templates\Windows Components\Windows Update HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU NoAutoUpdate= 0 AUOptions = 4 [b]Automatic Updates detection frequency (enabled; 16 hours)[/b] Local Computer Policy\Computer Configuration\Adinistrative Templates\Windows Components\Windows Update HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU DetectionFrequency = 16 DetectionFrequencyEnabled = 1 [b]Allow Automatic Updates immediate installation (enabled)[/b] Local Computer Policy\Computer Configuration\Adinistrative Templates\Windows Components\Windows Update HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates = 1 [b]Shutdown: Clear virtual memory pagefile (disabled)[/b] Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management ClearPageFileAtShutdown = 1 [b]User Account Control: Run all administrators in Admin Approval Mode (enabled)[/b] Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ [b]User Account Control: Detect application installations and prompt for elevation (enabled)[/b] Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ [b]User Account Control: Switch to the secure desktop when prompting for elevation (enabled)[/b] Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ [b]User Account Control: Behavior of the elevation prompt for administrators in Admin Aproval Mode (Prompt for consent)[/b] Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ [b]User Account Control: Behavior of the elevation prompt for standard users (Automatically deny elevation requests)[/b] Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ Cheers. Title: Re: Local Security Policy Recommended Changes? Post by: animal on September 09, 2011, 11:43:27 am that's excellent.
thank you for taking the time to reply. Title: Re: Local Security Policy Recommended Changes? Post by: atari on September 12, 2011, 04:15:28 pm You are welcome.
|