Manage consent. Close Privacy Overview This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website.
These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But today, most computers sold are laptops, and increasing numbers of people take their primary computer with them when they leave the office for the day.
Unfortunately, once people take their computers out of the protected glasshouse that is your internal network, all sorts of bad things can happen to them. Malware, which might have been blocked by the external firewall, will be inadvertently downloaded on the home ADSL connection. Computers that you were able to keep completely healthy when they were under your control are now exposed on a daily basis to all manner of Internet nasties.
Accounts Policies define restrictions, requirements, and parameters for the Password, Account Lockout, and Kerberos policies. To access Accounts Policies, follow these steps:. The six options allow you to control the requirements for user passwords. The higher you raise the bar in each of the six options, the stronger the password requirements become, thereby making it increasingly less likely that brute-force attacks will succeed against your system.
In the following list, we briefly explain each option, spell out the default setting, and recommend the most appropriate settings for general use:. The next policy in Account Policies is the Account Lockout Policy, which governs when user accounts are locked out because of repeated failed logon attempts. Lockout prevents brute-force logon attacks in which every likely or possible password is attempted by turning off user accounts.
The options are as follows:. The last policy in Account Policies is the Kerberos Policy, which governs the activity of secured communication sessions. Kerberos is an advanced network authentication protocol. Using Kerberos, clients can authenticate once at the beginning of a communications session and then perform multiple tasks during that session without having to authenticate again. Kerberos is used to prove the identity of a client and a server to each other. After such identity verification occurs, communications can occur without repeating this process or at least until the communications link is broken.
For more information on establishing a secure baseline in Windows Server , please download the Microsoft Windows Server Security Guide and visit the Microsoft Security Web site www.
Whether you enable software controls to restrict passwords, we recommend that you include the following elements in your organization's security policy regarding passwords:. Through a combination of Windows Server enforced password restrictions and company security policy rules, you can improve the security of your system through the use of strong passwords.
Type gpmc. Double-click your forest name to expand its settings. Expand Domains, select your domain name once more, and double-click to expand. The Group Policy Management Console appears. An additional dialog box may also appear, stating that you've selected a link to a Group Policy Object GPO and that any changes made here are exercised globally wherever this GPO is linked except for changes to link properties.
0コメント