Understanding Windows Vista Security
The baseline security configuration of a computer running Windows Vista is differ-
ent from that of a computer running Windows XP Professional. In Windows Vista,
baseline computer security is enhanced by several key modifications to the security
settings for local policies. You can manage security settings for local policies on an
organization-wide basis using Active Directory Group Policy or for individual com-
puters using Local Group Policy.
To manage Active Directory Group Policy, you can use the Group Policy Object Edi-
tor (GPOE) or the Group Policy Management Console (GPMC). To manage Local
Group Policy on a local computer, you can access security settings using the Local
Security Policy console. The sections that follow look at security changes that affect
Password Policy, User Rights Assignment, and Security Options.
Identifying Password Policy Changes
Password policies control security for passwords. You can follow these steps to
access Password Policy in the Local Security Policy console:
1. Click Start, and then click Control Panel.
2. In the Control Panel, click System and Maintenance and then click Administra-
3. Double-click Local Security Policy.
4. As shown in Figure 24-1, expand the Account Policies node in the left pane and
then click the Password Policy node.
Table 24-1 compares the default Password Policy in Windows Vista with the policy
assigned in Windows XP. The default settings for Windows Vista are set for all com-
puters that are part of a domain. Likewise, the default settings for Windows XP are
for all computers that are part of a domain.