» overview
» our staff
» web services
» telecommunication
» research computing
» policies
» windows security
» documents
» desktop support
» licensed software
» campus resources
| Action | Advantage | Disadvantages |
| Rename
administrator account more |
Makes it harder to guess username/password | Would make it more difficult to administer for CompSrv |
| Min.
password length of 8 characters more |
Harder passwords to guess | Would probably lead to more user password problems |
| Password
Age of 45 days more |
Frequent changes make password guessing more difficult | Would probably lead to more user password problems |
| Protect
registry keys more |
Restricts access to important registry keys from local users | Some programs may need access to keys to run |
| Enforce
strong user passwords more |
Would require at least 3 of following: uppercase, lowercase, numbers, punctuation | Would probably lead to more user password problems |
| Restrict
boot process (via BIOS) more |
Only authorized users could boot computer | Prevents normal restarts in event of power failure |
| Require
logon to shutdown computer more |
Only authorized users could shut the system down normally | Makes shutting down a longer process if not already logged in; encourages people to not shut down properly (only effective when computer can not be reset by switch) |
| Control
access to removable media more |
Allows sensitive data to be transferred to or from media without anything else being able to access it | Prevents programs from accessing floppies and CD-ROMs |
| Clean
system page files on shutdown more |
Destroys any sensitive information remaining from processor memory | Only works if shutdown is normal |
| Disable
logon caching more |
Prevents access to user credentials at local system | Requires working network/server to log in; causes logging in to take longer |
| SMB
signing more |
Mutual authentication limiting "man-in-the-middle" attacks | Slows CPU performance; all related systems must have SMB signing if required |
| Remove
Server / Workstation from network browsing list more |
Obscures computers existence | Makes system hard to find, when browsing network |
| Enhance
Security Account Manager protections more |
Encrypts SAM with 128bit encryption | Prevents administrator access to password derivatives |
| Disable
use of LanManager password hash more |
Limits/prevents sending of more vulnerable LM password hashes | Prevents access from Win95/98 clients |
| Enable
security auditingof logons, file access, etc more |
Logs security and system events | Requires monitoring |