Configuring local policies
A group policy controls the environment of user accounts and computer accounts. A set of group policies is called a Group Policy Object (GPO), and one such set is called a Local Group Policy (LGPO). The difference between GPOs and the LGPO is that GPOs are managed centrally and distributed across the Active Directory members, whereas an LGPO is managed on the individual device and is intended for members without Active Directory, for example, standalone computers.
GPOs are processed in the following order:
- Local
- Site
- Domain
- Organizational Unit
Local policies take effect when a user logs in to a Windows 10 device. In the local policy, you can configure user settings, computer settings, or both. For example, you can configure policies that implement auditing, specify user rights, and set security options. These three kinds of settings are covered in the next sections.
Configuring the Audit Policy
The audit policy provides information about user actions on a Windows 10 device through basic audit policies. These actions are recorded as a success or as a failure event. Auditing allows you to create a history of tasks and actions, such as file access and successful login attempts. Auditing can also be used to track security violations. Configuring the audit policy involves three components:
- Enable auditing for success or failure (or both) for specific actions and events.
- Enable auditing for object access, such as file system files and folders.
- View the results of auditing in the security log by using the Event Viewer.
To configure an audit policy to monitor, in this example, account logon events, follow these steps:
- Click Start and type Secpol.msc.
- Click on Local Security Policy.
- In the Local Security Policy window, click on the Local Policies | Audit Policy tab.
- Double-click on Audit account logon events.
- In the Audit account logon events Properties window, check the Success and Failure boxes.
- Then, click OK.
- Log off from the device and log back in with an Administrator account, but with the wrong password, so you will generate a failure event.
- Log in again, but now with the correct password.
- Click Start and search for the Event Viewer.
- Click on Event Viewer.
- In the Event Viewer, expand Windows Logs and select the Security log.
- You should see an event with an Event ID of 4776.
- Open this event and note the error message, as shown in the next screenshot:
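The same check can be scripted. The following is an added example, not part of the original text: it enables success and failure auditing from an elevated PowerShell session with auditpol (which sets the Account Logon advanced audit category rather than the basic policy shown in Secpol.msc) and then lists the resulting 4776 events with their status codes. The function name Get-CredentialValidationEvent is hypothetical, and the English category name is assumed; on localized systems the category name differs.

```powershell
# Added example: run in an elevated PowerShell session on the Windows 10 device.
# Enable success and failure auditing for the Account Logon category.
auditpol /set /category:"Account Logon" /success:enable /failure:enable | Out-Null
auditpol /get /category:"Account Logon"

# NTSTATUS codes commonly seen in the Status field of event 4776.
$statusText = @{
    '0x0'        = 'credentials valid'
    '0xc000006a' = 'wrong password'
    '0xc0000064' = 'unknown user name'
    '0xc0000072' = 'account disabled'
    '0xc0000234' = 'account locked out'
}

function Get-CredentialValidationEvent {
    param([int]$Hours = 1)
    $filter = @{ LogName = 'Security'; Id = 4776; StartTime = (Get-Date).AddHours(-$Hours) }
    # SilentlyContinue: Get-WinEvent raises an error when no event matches.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $evt  = $_
        $data = @{}
        # Turn the named <Data> elements of the event XML into a lookup table.
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $code = "$($data['Status'])".ToLower()
        [pscustomobject]@{
            Time        = $evt.TimeCreated
            Account     = $data['TargetUserName']
            Workstation = $data['Workstation']
            Status      = $code
            Meaning     = if ($statusText.ContainsKey($code)) { $statusText[$code] } else { 'other' }
            Result      = if ($code -eq '0x0') { 'Success' } else { 'Failure' }
        }
    }
}

# The failed and the successful logon from the steps above, oldest first.
Get-CredentialValidationEvent -Hours 1 | Sort-Object Time | Format-Table -AutoSize

# Failures per account over the last day: repeated wrong passwords stand out here.
Get-CredentialValidationEvent -Hours 24 | Where-Object Result -eq 'Failure' |
    Group-Object Account, Meaning | Sort-Object Count -Descending | Select-Object Count, Name
```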
Now that you know how to configure audit account logon events, we can proceed to specify and grant a user the right to perform a volume maintenance task.
Specifying user rights
User rights determine which rights are granted to a user or to a group of users, and they apply to the local Windows 10 device. These rights allow users to perform tasks on a Windows 10 device and can override permissions that have been set on specific objects. Some of the activities that you can specify for a user are as follows:
- Adding workstations to domain
- Allowing logon locally
- Allowing logon through Remote Desktop Services
- Backing up files and directories
- Changing the time zone
- Performing volume maintenance tasks
- Taking ownership of files or other objects
In the next steps, we will configure the Perform volume maintenance tasks user right for a user:
- Click Start and type Secpol.msc.
- Click on Local Security Policy.
- In the Local Security Policy window, click on the Local Policies | User Rights Assignment tab.
- Double-click on the Perform volume maintenance tasks user right.
- Click on Add User or Group, and the Select Users or Groups dialog box opens.
- Search for the user you want to give this right to and click twice on OK.
- Now you have selected another user to perform this task, as shown in the next screenshot:
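To confirm afterwards who actually holds the right, the assignment can be read back from an exported policy. This is an added example, not part of the original text: it exports the user rights with secedit, looks up SeManageVolumePrivilege (the internal name of Perform volume maintenance tasks) and resolves the listed SIDs to account names. The function name Get-UserRightHolder is hypothetical, and the comparison assumes the English group name BUILTIN\Administrators.

```powershell
# Added example: run in an elevated PowerShell session on the Windows 10 device.
function Get-UserRightHolder {
    param([Parameter(Mandatory)][string]$Privilege)
    $cfg = Join-Path $env:TEMP "user-rights-$PID.inf"
    try {
        # Export only the User Rights Assignment area of the local security policy.
        secedit /export /cfg $cfg /areas USER_RIGHTS /quiet
        $line = Get-Content $cfg | Where-Object { $_ -match "^$Privilege\s*=" }
        if (-not $line) { return @() }   # the right is assigned to no one
        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $entry = $entry.Trim()
            if ($entry.StartsWith('*')) {
                # Entries prefixed with * are SIDs; translate them to account names.
                $sid = [System.Security.Principal.SecurityIdentifier]::new($entry.TrimStart('*'))
                try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $sid.Value }     # orphaned SID: the account no longer exists
            } else {
                $entry                   # already written as an account name
            }
        }
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

$holders = @(Get-UserRightHolder -Privilege 'SeManageVolumePrivilege')
$holders

# By default only the Administrators group holds this right, so anything
# else is an explicit grant such as the one made in the steps above.
$extra = @($holders | Where-Object { $_ -ne 'BUILTIN\Administrators' })
if ($extra.Count -gt 0) {
    Write-Warning ("Additional holders of SeManageVolumePrivilege: " + ($extra -join ', '))
}
```

An entry that stays in raw SID form in the output belongs to a deleted account and is a candidate for removal from the right.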
In the previous steps, you assigned a user right to a user or group. In the next section, we will look at the Security Options that you can configure.
Configuring Security Options
There are many options to configure in the Security Options section of the Local Security Policy. These options are used to allow or deny activities on a Windows 10 device.
The Accounts: Block Microsoft accounts, Devices: Restrict CD-ROM access to locally logged-on user only, User Account Control: Behavior of the elevation prompt for standard users, and Shutdown: Clear virtual memory pagefile settings are a few options that you can configure to allow or deny activities. They describe the best practices for the respective security policy setting.
The following screenshot shows you the Security Options settings window:
As the previous screenshot shows, almost all of the Security Options settings have their default setting set to Not Defined. Once configured, a setting can have the following statuses:
- Enabled or Disabled
- Text entry
- Value
My advice is to go through the list of the Security Options, so you are aware of what you can configure.
Now that you understand some local policies and know how to configure them, you will learn how to implement the local policies, and you will create some local account policies such as account lockout and password complexity.