This article can also be found in the Premium Editorial Download "Information Security magazine: Everything you need to know about today's information security trends."
Download it now to read this article plus other related content.
3 CONFIGURE A LOCAL SECURITY POLICY
Many administrators make the mistake of neglecting to use local computer level group policies. The reason these policies are seldom used is because as soon as a user logs on, the settings in a local security policy are typically overwritten by policy settings contained in the domain, site and OU level policies. Even so, it is important to use local security policies because otherwise the computer is left unprotected until a user logs in to a domain and the Active Direc- tory level policies are applied.
The good news is that configuring the local security policy for Windows XP clients is easier than one might expect. In fact, Microsoft even offers some free security templates that are available via download at www.microsoft.com/downloads. These templates are designed to automatically implement various security settings such as password length or complexity requirements to comply with Microsoft's recommended best practices. All an administrator has
| to do is pick the security template that best meets the company's needs, make any desired modifications to it, and apply it to the workstations.
To use the security templates, which are part of the Windows XP Security Guide, download the guide and extract its contents to your My Documents folder. Next, open My Computer and then choose the Folder Options command from the window's Tools menu. Then clear the Hide Extensions for Known File Types check box, and click OK.
Now, open the My Documents folder and navigate to the Windows XP Security GuideTools and TemplatesSecurity GuideStand Alone Clients folder. Note that each of the template files ends in the .TXT extension. This is a safeguard to prevent an administrator from accidentally applying a security template. Now, remove the .TXT extension, and copy the template files to a safe location where they will not be accidentally executed. For example, the SA Enterprise XP Client--Desktop.cmd.txt file could be renamed SA Enterprise XP Client--Desktop.cmd.
To apply a security template, log on to the machine that you want to apply the security settings to--with administrative permissions--and then double-click on the preferred template file. Keep in mind that there are several different security template files, and each applies a different level of security. It is extremely important to read the full descriptions of these files in the Windows XP Security Guide and figure out which template is right for your organization prior to applying one. Odds are that no one template is going to be a perfect fit, but the guide shows how to modify the template files to better meet an organization's needs.
This was first published in July 2008