I'm not saying you should stop at these 10 since each properly configured group policy setting can reduce risk. I am saying that 10 settings determine most of your risk - everything else is gravy. When I start looking at a new group policy, the first thing I do is scan these 10 settings. If they're set correctly, I know the customer is doing the right thing and my job will be easier.

Get these 10 settings right, and you'll go a long way toward making your Windows environment more secure. Each of these falls under the Computer Configuration\Windows Settings\Security Settings leaf.

If the bad guys don't know the name of your Administrator account, they'll have a much harder time hacking it. Renaming the Administrator account is not automatic, so you'll have to do it yourself.

One of the worst things you can do is to enable this account. It grants a fair amount of access on a Windows computer and has no password.

The LM (LAN Manager) and NTLMv1 authentication protocols have vulnerabilities. By default, most Windows systems will accept all four protocols. Unless you have ancient (that is, more than 10 years old), unpatched systems, there's rarely a reason to use the older protocols.

LM password hashes are easily convertible to their plaintext password equivalents. Don't allow Windows to store them on disk, where a hacker hash dump tool would find them.

Your minimum password length for regular users should be at least 12 characters - 15 characters or longer for elevated user accounts. Windows passwords aren't even close to secure until they are 12 characters long. To be truly secure, 15 characters is the magic number in the Windows authentication world. Get there, and it closes all sorts of backdoors. Anything else is accepting unnecessary risk. (It's zero characters by default, so you'll have to specify this requirement.) Unfortunately, traditional group policy settings accept a maximum value of only 14 characters when setting the minimum password size. Use the newer Fine-Grained Password Policies instead.
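To check the named settings on a machine without clicking through the policy editor, the following added example (not code from the article) audits the text of a `secedit /export /cfg` policy dump. It assumes the standard secedit INF key names and treats `LmCompatibilityLevel` 5 (refuse LM and NTLMv1) as the target; the sample export is constructed, and Fine-Grained Password Policies do not appear in this kind of export.

```python
# Added example (not from the article): audit a `secedit /export` policy dump.
LSA = "machine\\system\\currentcontrolset\\control\\lsa\\"

# Constructed sample; a real export is UTF-16 and has many more keys.
SAMPLE_INF = r'''
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
NewAdministratorName = "Administrator"
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
'''

def parse_inf(text):
    """Return {section: {lowercased key: value}} from secedit INF text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

def lsa_dword(sections, name):
    """Registry values are exported as 'type,data'; return data or None if unset."""
    raw = sections.get("Registry Values", {}).get(LSA + name.lower())
    return int(raw.split(",", 1)[1]) if raw else None

def audit(text):
    """List the article's settings that the exported policy does not meet."""
    sections = parse_inf(text)
    access = sections.get("System Access", {})
    findings = []
    if int(access.get("minimumpasswordlength", 0)) < 12:
        findings.append("minimum password length below 12")
    if access.get("newadministratorname", "Administrator").lower() == "administrator":
        findings.append("Administrator account not renamed")
    if lsa_dword(sections, "LmCompatibilityLevel") != 5:
        findings.append("LM/NTLMv1 still accepted (LmCompatibilityLevel is not 5)")
    if lsa_dword(sections, "NoLMHash") != 1:
        findings.append("LM hash storage not disabled (NoLMHash is not 1)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INF):
        print("FAIL:", finding)
```

A value that is missing from the export is reported as a finding, since the dump then gives no evidence that the setting is enforced by policy.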