Windows NT Policies
Types of Policies
- Account policy - Determines how passwords are validated and how unsuccessful login attempts are handled.
- User Rights policy - Determines what users and groups can perform specific actions on the system.
- Audit policy - Determines the amount and type of security logging that Windows NT performs.
Individual policy overrides group policies.
Account policy and lockout Options set by the User Manager
The two main groupings are "Password restrictions" and "Account lockout". The first four items below are under "Password restrictions"
- Minimum length of a password.
- When a password expires.
- How often to change a password.
- Uniqueness of a password.
- Account lockout policy due to bad attempts such as how long the account is locked, or who is sent notices of the lockout. Includes how many bad login attempts until the account is locked, how soon the bad logon attempt counter is reset, and the lockout duration time period.
Account policy changes become effective when the user logs off and back on again.
User Rights Policies
- Shutdown the computer from a remote location - Administrators, Power users.
- Access to the computer via the network - Administrators, Power users, everyone
- Use the computer locally - All users
- Backup or restore directories and files - Administrators, backup operators
- Change time - Administrators, Power users.
- Delete or add device drivers - Administrators
- Change the security logging policy - Administrators
- Shut the system down - All users except guests
- Take file ownership - All operators
The Event Viewer allows viewing of events specified by the audit policy
Auditing must be enabled in the Audit Policy window by checking the "Audit these Events" box from the User Manager. The event viewer allows the following types of event information to be viewed.
- System - Logs system errors, driver errors, binding errors, or service failures.
- Security - Bad logon attempts.
Each message has an event ID number. A maximum size of logs and writing over of event logs can be set depending on available disk space.