CIS 170F: Windows 7 Administration

Week 7

Windows 7 Security Features
Security Policies
Local Policies

You can use Local policies to configure auditing, user rights, and security options.

  • Setting Audit Policies:
  • You can implement audit policies to track success or failure of specified user actions. You audit events that pertain to user management through the audit policies. By tracking certain events, you can create a history of specific tasks, such as user creation and successful or unsuccessful logon attempts. You can also identify security violations that arise when users attempt to access system management tasks for which they do not have permissions.

    When you define an audit policy, you can choose to audit success or failure of specific events. The success of an event means that the task was successfully accomplished. The failure of an event means that the task was not successfully accomplished. By default, auditing is not enabled, and it must be manually configured. After you have configured auditing, you can see the results of the audit in the Security log by using the Event Viewer utility.

    Audit Policy | Description
    Audit Account Logon Events | Tracks when a user logs on or logs off either their local machine or the domain (if domain auditing is enabled)
    Audit Account Management | Tracks user and group account creation, deletion, and management actions, such as password changes
    Audit Directory Service Access | Tracks directory service accesses
    Audit Logon Events | Audits events related to logon, such as running a logon script or accessing a roaming profile or accessing a server
    Audit Object Access | Enables auditing of access to files, folders, and printers
    Audit Policy Change | Tracks any changes to the audit policies, trust policies, or user rights assignment policies
    Audit Privilege Use | Tracks users exercising a user right
    Audit Process Tracking | Tracks events such as activating a program, accessing an object, and exiting a process
    Audit System Events | Tracks system events such as shutting down or restarting the computer, as well as events that relate to the Security log in Event Viewer

  • Assigning User Rights:
  • The user right policies determine what rights a user or group has on the computer. User rights apply to the system. They are not the same as permissions, which apply to a specific object. Some of the user rights assignment settings include:

    • Allow log on locally
    • Back up files and directories
    • Change the system time
    • Load and unload device drivers
    • Shut down the system

  • Defining Security Options:
  • You can use security option policies to configure security for the computer. Unlike user right policies, which are applied to a user, security option policies apply to the computer. Some of the security options settings include:

    • Devices: Prevent users from installing printer drivers
    • Interactive logon: Do not display last username
    • Interactive logon: Message text for users attempting to log on
    • Shutdown

    Security Option | Local Setting
    Interactive logon: Message text for users attempting to log on | You can display a sort of "Posted: No Trespassing" warning with this entry.
    Devices: Prevent users from installing printer drivers | Disabled by default. If you want to prevent users from installing potentially untested printer and hardware drivers, check out the options for these settings.
    Audit: Shut down system immediately if unable to log security audits | A common hacker trick is to fill up audit logs with junk messages and then break in. If you want, you can have Windows shut down when the Security Event Log fills. The downside is that it makes your security system a denial-of-service risk.
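The audit policies and the "Audit: Shut down system" option described above can be checked from the command line. The PowerShell below is an added example, not part of the original course notes: it parses the policy file that secedit /export writes and reports each setting. The INF key names are the ones secedit uses in its [Event Audit] and [Registry Values] sections (they do not appear on this page), and the sample export is constructed.

```powershell
# On a real machine, export the policy from an elevated prompt and read it in:
#   secedit /export /cfg C:\Temp\secpol.inf
#   $lines = Get-Content C:\Temp\secpol.inf
# Constructed sample export (not from a real host) so the script runs as-is.
$lines = @'
[Event Audit]
AuditSystemEvents = 0
AuditLogonEvents = 3
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 1
AuditAccountManage = 3
AuditProcessTracking = 0
AuditDSAccess = 0
AuditAccountLogon = 2
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
'@ -split "`r?`n"

# INF key -> policy name as listed in the audit policy table
$names = @{
    AuditAccountLogon = 'Audit Account Logon Events'; AuditAccountManage = 'Audit Account Management'
    AuditDSAccess = 'Audit Directory Service Access'; AuditLogonEvents = 'Audit Logon Events'
    AuditObjectAccess = 'Audit Object Access'; AuditPolicyChange = 'Audit Policy Change'
    AuditPrivilegeUse = 'Audit Privilege Use'; AuditProcessTracking = 'Audit Process Tracking'
    AuditSystemEvents = 'Audit System Events'
}
# Value 0-3 in the export: bit 0 = audit success, bit 1 = audit failure
$settings = 'No auditing', 'Success', 'Failure', 'Success, Failure'

function Get-AuditPolicyReport {
    param([string[]]$Lines)
    $section = ''
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        $policy = $null
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1] }
        elseif ($section -eq 'Event Audit' -and $line -match '^(\w+)\s*=\s*([0-3])$' -and
                $names.ContainsKey($Matches[1])) {
            $policy = $names[$Matches[1]]; $setting = $settings[[int]$Matches[2]]
        }
        elseif ($section -eq 'Registry Values' -and $line -match 'CrashOnAuditFail\s*=\s*4,(\d+)$') {
            $policy = 'Audit: Shut down system immediately if unable to log security audits'
            $setting = if ($Matches[1] -eq '0') { 'Disabled' } else { 'Enabled' }
        }
        if ($policy) { New-Object PSObject -Property @{ Policy = $policy; Setting = $setting } }
    }
}

Get-AuditPolicyReport $lines | Format-Table Policy, Setting -AutoSize
```

Rows that read "No auditing" are policies still at the default described above; nothing for those categories will appear in the Security log until they are configured.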

Activity 7-2