Guidelines for Designing Security Shrines

Comments Off on Guidelines for Designing Security Shrines

In addition to making a decision about certain security 70-291 items, follow these guidelines when designing security templates: Set a strong password policy for local account databases. Domain password policies are set in the default GPO linked to the domain. However, local accounts on clients use the password policy in the GPO linked to the OU in which the computer account resides. Even if local accounts are not used, they exist. A password policy should be assigned to the baseline security template that provides a strong password policy for local accounts.

Restrict remote access by granting the Access This Computer From The Network right to Administrators and Users. Doing this will prevent anonymous access and also override attempts by applications that grant this right to the Everyone group or other groups.


Best Comptia A+ Training, Comptia A+ Certification at

This powerful right can be abused to gain access to sensitive system information and components. Attacks exist that can exploit this right to grab hashed passwords and other security information. Enabling this setting will not inhibit developers from using free Microsoft practice tests application debugging utilities such as those included with Microsoft Visual Studio .NET.

Grant this right only to Administrators or those authorized to repair and maintain systems. Anyone who can shut the system down remotely can cause a denial of service (DoS) attack and might be able to cause data loss or complete other attacks that require a reboot.

Ensure the security of the Security Event log Enable the Event Log setting Prevent Local Guests Group From Accessing Security Log in Group Policy. By default, the Guests group does not have access to the Security Event log. However, including this setting in policy ensures that it will remain that way. Set the security log retention method to As Needed, and monitor the log to ensure that it is archived, it is cleared periodically, and no events are lost.

Follow recommendations for using security options Security options provide the ability to easily enable and disable security functions on client computers.


Several of the security options are long-standing security guidelines for Windows systems, and others are newer and might not be present in all Free Security+ practice exams versions of Windows.