Skip to Main Content
Windows Server 2008: The Definitive Guide
book

Windows Server 2008: The Definitive Guide

by Jonathan Hassell
March 2008
Beginner to intermediate content levelBeginner to intermediate
494 pages
13h 4m
English
O'Reilly Media, Inc.
Content preview from Windows Server 2008: The Definitive Guide

Locking Down Windows

Multiuser systems are security holes in and of themselves. The simplest systems—those used by only one person—are the easiest ones to secure because there's much less diversity and variance of usage on the part of one person than there is on the part of many. Unfortunately, most of our IT environments require multiple user accounts, so the following section focuses on some prudent ways to lock down Windows systems, including Windows Server 2008 machines and associated client workstation operating systems.

Password Policies

Long passwords are more secure, period. As you might suspect, there are more permutations and combinations to try when one is attempting to crack a machine via brute force, and common English words, on which a dictionary attack can be based, are generally shorter than eight characters in length. By the same token, passwords that have not been changed in a long time are also insecure. Although most users grudgingly change their passwords on a regular basis when encouraged by administrators, some accounts—namely the Administrator and Guest accounts—often have the same password for life, which makes them an easy target for attack.

To counter these threats, consider setting some basic requirements for passwords. To set these restrictions on individual workstations and Windows Server 2008 member servers, follow these steps:

  1. Open the MMC and navigate to the Local Security Policy snap-in. You usually access this by selecting Start → All Programs → Administrative ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

The Complete Guide to Windows Server 2008

The Complete Guide to Windows Server 2008

John Savill

Publisher Resources

ISBN: 9780596514112Errata Page