Chapter 24: Understanding Windows Vista Security Changes
Table 24-3. Comparing Security Options in Windows XP and Windows Vista (continued)

| Security option | Default setting in Windows XP | Default setting in Windows Vista |
|---|---|---|
| Interactive Logon: Number of Previous Logons to Cache (in Case Domain Controller Is Not Available) | 10 logons | 10 logons |
| Interactive Logon: Prompt User to Change Password Before Expiration | 14 days | 14 days |
| Interactive Logon: Require Domain Controller Authentication to Unlock Workstation | Disabled | Disabled |
| Interactive Logon: Require Smart Card | Not defined | Disabled |
| Interactive Logon: Smart Card Removal Behavior | No action | No action |
| Microsoft Network Client: Digitally Sign Communications (Always) | Disabled | Disabled |
| Microsoft Network Client: Digitally Sign Communications (If Server Agrees) | Enabled | Enabled |
| Microsoft Network Client: Send Unencrypted Password to Third-Party SMB Servers | Disabled | Disabled |
| Microsoft Network Server: Amount of Idle Time Required Before Suspending Session | 15 minutes | 15 minutes |
| Microsoft Network Server: Digitally Sign Communications (Always) | Disabled | Disabled |
| Microsoft Network Server: Digitally Sign Communications (If Client Agrees) | Disabled | Disabled |
| Microsoft Network Server: Disconnect Clients When Logon Hours Expire | Enabled | Enabled |
| Network Access: Allow Anonymous SID/Name Translation | Not applicable | Disabled |
| Network Access: Do Not Allow Anonymous Enumeration of SAM Accounts | Enabled | Enabled |
| Network Access: Do Not Allow Anonymous Enumeration of SAM Accounts and Shares | Disabled | Disabled |
| Network Access: Do Not Allow Storage of Credentials or .NET Passports for Network Authentication | Disabled | Disabled |
| Network Access: Let Everyone Permissions Apply to Anonymous Users | Disabled | Disabled |
| Network Access: Named Pipes That Can Be Accessed Anonymously | COMNAP, COMNODE, SQL\QUERY, SPOOLSS, LLSRPC, browser | netlogon, lsarpc, samr, browser |
| Network Access: Remotely Accessible Registry Paths | (Multiple paths defined as accessible) | (Multiple paths defined as accessible) |
| Network Access: Remotely Accessible Registry Paths and Subpaths | Not applicable | (Multiple paths defined as accessible) |
| Network Access: Restrict Anonymous Access to Named Pipes and Shares | Not applicable | Enabled |