Hi Guys,
Here are the security options policy settings for Windows Server, continued.
Microsoft network client: Send Unencrypted Password to Connect to Third-party SMB servers - Disabled
Microsoft Network Server: Amount of Idle Time required before Suspending a Session - 15 minutes
Microsoft Network Server: Disconnect clients when Logon Hours Expire – Enabled
Microsoft Network Server: Server SPN target Name Validation Level – Accept if Provided by Client or Required from Client
Microsoft Network Server: Digitally Sign Communications (always) – Enabled
Network Access: Allow anonymous SID/name translation – Disabled
Network Access: Do not allow anonymous enumeration of SAM accounts – Enabled
Network Access: Do not allow storage of passwords or credentials for network authentication – Enabled
Network Access: Let Everyone Permissions Apply to Anonymous Users - Disabled
Network Access: Named Pipes that can be Accessed Anonymously – Set to Null, review system functionality
Network Access: Remotely Accessible Registry Paths and Sub-paths - Set to Null, review system functionality
Network Access: Shares that can be Accessed Anonymously - <no one>
Network Access: Sharing and Security Model for Local Accounts – For Network Servers, ‘Classic – local users authenticate as themselves’. On end-user computers, ‘Guest only – local users authenticate as guest’
Network Security: Allow Local System NULL session fallback – Disabled
Network Security: Allow Local System to use computer identity for NTLM – Enabled
Network Security: Allow PKU2U authentication requests to this computer to use online identities - Disabled
Network Security: Do not store LAN Manager Hash value on Next password Change – Enabled
Network Security: Force Logoff when Logon Hours Expire - Enabled
Network Security: LAN Manager authentication level - Send NTLMv2 response only\refuse LM & NTLM
Network Security: LDAP Client Signing Requirements - Negotiate Signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients - Require NTLMv2 session security
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers - Require NTLMv2 session security
Domain controller: LDAP server signing requirements - Require signing
Domain controller: Refuse machine account password changes - Disabled
Feel free to tune this as per your requirements.
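An added example (not part of the original post): a read-only PowerShell check of a subset of the settings above against the registry values these policies are stored in. The expected values mirror the list for a network server; a status of NotSet means the value is absent, so the policy is not configured and the OS default applies.

```powershell
# Added example: read-only audit, run from an elevated PowerShell session.
# Covers only the listed settings that are stored as simple registry values.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv    = "$lsa\MSV1_0"
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
$client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
$ldap   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LDAP'

# Want = acceptable value(s); Mask = bit(s) that must be set in the value.
$baseline = @(
    @{ Path = $client; Name = 'EnablePlainTextPassword';     Want = 0 }
    @{ Path = $server; Name = 'AutoDisconnect';              Want = 15 }
    @{ Path = $server; Name = 'EnableForcedLogOff';          Want = 1 }
    @{ Path = $server; Name = 'SmbServerNameHardeningLevel'; Want = 1, 2 }
    @{ Path = $server; Name = 'RequireSecuritySignature';    Want = 1 }
    @{ Path = $lsa;    Name = 'RestrictAnonymousSAM';        Want = 1 }
    @{ Path = $lsa;    Name = 'DisableDomainCreds';          Want = 1 }
    @{ Path = $lsa;    Name = 'EveryoneIncludesAnonymous';   Want = 0 }
    @{ Path = $lsa;    Name = 'ForceGuest';                  Want = 0 }  # 0 = Classic
    @{ Path = $msv;    Name = 'allownullsessionfallback';    Want = 0 }
    @{ Path = $lsa;    Name = 'UseMachineId';                Want = 1 }
    @{ Path = $lsa;    Name = 'NoLMHash';                    Want = 1 }
    @{ Path = $lsa;    Name = 'LmCompatibilityLevel';        Want = 5 }  # NTLMv2 only, refuse LM & NTLM
    @{ Path = $msv;    Name = 'NTLMMinClientSec';            Mask = 0x80000 }  # NTLMv2 session security
    @{ Path = $msv;    Name = 'NTLMMinServerSec';            Mask = 0x80000 }
    @{ Path = $ldap;   Name = 'LDAPClientIntegrity';         Want = 1 }  # Negotiate signing
)

$results = foreach ($item in $baseline) {
    # A missing key or value yields $null instead of an error.
    $prop   = Get-ItemProperty -Path $item.Path -Name $item.Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $prop) { $prop.($item.Name) } else { $null }

    $status = if ($null -eq $actual) { 'NotSet' }
              elseif ($item.Mask) {
                  if (($actual -band $item.Mask) -eq $item.Mask) { 'OK' } else { 'Mismatch' }
              }
              elseif (@($item.Want) -contains $actual) { 'OK' }
              else { 'Mismatch' }

    [pscustomobject]@{
        Setting = $item.Name
        Value   = $actual
        Status  = $status
    }
}

$results | Format-Table -AutoSize
```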
Thank you for stopping by.