Scribd
Upload
70 views

Microsoft Windows Security: Checklist

This document provides a checklist for improving security on Microsoft Windows systems. It outlines policies and configurations for account lockout, auditing, passwords, user rights assignments, and additional protections. Key steps include enforcing strong passwords, auditing account and system events, limiting who can log on locally, and disabling or uninstalling unused applications and users. The goal is to monitor access points, tightly control accounts and privileges, and protect the organization's property and data.

Uploaded by

swapan555
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
70 views

Microsoft Windows Security: Checklist

This document provides a checklist for improving security on Microsoft Windows systems. It outlines policies and configurations for account lockout, auditing, passwords, user rights assignments, and additional protections. Key steps include enforcing strong passwords, auditing account and system events, limiting who can log on locally, and disabling or uninstalling unused applications and users. The goal is to monitor access points, tightly control accounts and privileges, and protect the organization's property and data.

Uploaded by

swapan555
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 7

Microsoft Windows Security: Checklist

Security control

Step
1
2
3
4
5
6

Parameters
V
All the entry points and gates should be monitored.
All person entering and exiting should go through security
check point.
The organization premises should be Fireproofed
Alarm system should be properly working.
The organization's property should use guard staff.
The area of the organization should be properly covered under
cctv surveillance.
defined.

Account Lockout Policy


Step

1 hour or more.
2
Account lockout threshold
0 invalid login

attempts.
Between 3 and 10.
3
Reset account lockout counter after.

Policy
Default
Recommended
1
Account lockout Duration.
Not

defined.

Not
Between 10-40 minutes.

Audit Policy
Steps

Policy
Default
Recommended
1
Account Logon Events.

Success

Auditing.

Auditing.

Success, Failure
2
Account
Management.
No
Success, Failure
3
Directory Service access.
No
Success, Failure

Success

Object access
Success

Policy change
No Auditing

No Auditing

System Event
No Auditing

Process tracking
No Auditing

4
Logon Events
Success, Failure
5
Success, Failure
6
Success
7
Privilege Use
Success, Failure
8
Success
9
Success, Failure

Password Policies
Steps

Policy
Default
Recommended
1

Enforce
Password
History
24
15 or more
2
Maximum password age
45days
30 or less for technical users.60 less for non-technical users.

Characters

3
Minimum Password length
7
12 or more characters.
4
Password should be complex.

Disabled.

Enabled. Use custom passfilt.dll.


5
Minimum Password age
1 Day
1 Day or more.
6
Store password using reversible encryption.
Disabled
Users Rights Assignments
Steps

Enable.

Policy
Default
Recommended

1
Access this computer from network
Administrators, Backup operators, Power users.
Administrators, Authentic Users,
2
Act as the art of operating system.
Not defined

No users.

3
Add
workstations to domain.
Not Defined

Administrators
4
Adjust memory quotas for a process
Administrators, Network service, Local service.
Not defined
5
Allow Logon locally.
Administrators, Backup operators, Power users.

Administrators.
6
Allow logon through terminal service.
Administrators and remote desktop users.
Administrators.
7
Change the system time
Administrators and Power users.
Administrators,
8
Debug

Administrators

Programs
No Users.

Additional Security Protection


Steps

4
5
6
7

Policy
1
Disable or uninstall unused
applications.
2
Disable or delete unused users.
3
Configure user rights as secure
as possible.
Ensure all volumes are using NTFS file system.
Use the internet connection firewall or other methods
to limit connection to the system.
Configure file system permissions.
Configure register permissions

You might also like