How to Extract IDs and Security Policy from Windows Servers when Conducting Security Assessment
Security Policy for Windows Server
One of the key areas to take a look at is the security policy of your PC or server. If you take a closer look at PCs or servers that have been operating for a long time, you may find IDs that are not required. These IDs may have powerful access to your files, especially if they are in the administrator group.
Another area to check is the password policy set in the Windows operating system, i.e. password is required, no expiration, minimum password length. Weak passwords or IDs without passwords are an open invitation for intruders to hack into your computer systems.
Step 1: How to extract IDs and security policies from the Windows server
a) I use a neat free tool called Somarsoft ACL.
b) Install the software and run the DumpSec program.
c) Extract the permissions of users, groups, file system, registry, password policy and other information you find useful.
Step 2: Cross-check the IDs with the administrator
a) Once you have extracted this information, cross-check with the administrator whether all the IDs and the password policy extracted from the system are valid and necessary.
b) Delete or disable the unnecessary IDs and enforce a stronger password policy.
c) Also ensure that only IDs that are actually required are active, and enforce a strong password policy using Windows Active Directory, e.g. mixed alphanumeric passwords, 180-day password expiration. As for PCs, make sure the administrator password is changed and known only by yourself/the office administrator.
d) Everyone else should use basic IDs.
e) Activate the screen saver password to lock the PC screen when there is no activity for, say, 10 minutes.
f) Educate all users on the importance of computer security.
g) One of the reminders I normally highlight is: do not share passwords, and do not stick the password on the front of the computer monitor for all to view. (I have observed this "sticking the password on the monitor" quite a few times in my rounds of IT auditing for corporates!)
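The cross-check in Step 2 a) and b) can also be scripted with the cmdlets built into Windows PowerShell instead of DumpSec. The following is an added example, not part of the original article; it covers local accounts only, and the $Approved list and the Get-AccountFinding function name are assumptions made for illustration.

```powershell
# Added example (not from the original article). Needs Windows PowerShell 5.1+
# on the machine being assessed; run it from an elevated prompt.

# Assumption: placeholder list of IDs the administrator has confirmed as required.
$Approved = @('Administrator', 'svc_backup', 'jsmith')

function Get-AccountFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Accounts,   # output of Get-LocalUser
        [string[]] $AdminNames = @(),                  # local members of Administrators
        [string[]] $Approved   = @()                   # IDs confirmed as required
    )
    foreach ($a in $Accounts) {
        if (-not $a.Enabled) { continue }   # disabled IDs cannot log on; report active ones only
        $isAdmin = $AdminNames -contains $a.Name
        $issues  = @()
        if ($Approved -notcontains $a.Name) { $issues += 'not confirmed by administrator' }
        if (-not $a.PasswordRequired)       { $issues += 'password not required' }
        if ($null -eq $a.PasswordExpires)   { $issues += 'password has no expiry date' }
        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                Name      = $a.Name
                IsAdmin   = $isAdmin
                LastLogon = $a.LastLogon
                Issues    = ($issues -join '; ')
            }
        }
    }
}

# Extract the IDs (Step 1). S-1-5-32-544 is the well-known SID of the built-in
# Administrators group, so this also works on non-English installations.
$accounts = Get-LocalUser
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' } |
    ForEach-Object { ($_.Name -split '\\')[-1] })    # strip the COMPUTER\ prefix

# Cross-check against the approved list (Step 2); administrator IDs are listed first.
Get-AccountFinding -Accounts $accounts -AdminNames $admins -Approved $Approved |
    Sort-Object IsAdmin -Descending | Format-Table -AutoSize -Wrap

# Effective password policy (minimum length, maximum age, lockout) for comparison
# with the policy agreed with the administrator.
net accounts
```

Every row in the output is an active ID to raise with the administrator before deleting or disabling it.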
Published: February 12, 2008