Security Options. The Security Options section of Group Policy configures computer security settings for digital data signatures, Administrator and Guest account names, access to floppy disk and CD drives, driver installation behavior, and logon prompts. You can configure the security options settings in the following location within the Group Policy Object Editor: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. The Security Options item of Group Policy contains the following policies: Accounts: Administrator account status. This policy setting enables or disables the Administrator account for normal operational conditions.

Security Options. The Security Options section of Group Policy configures computer security settings for digital data signatures, Administrator and Guest account names, access to floppy disk and CD drives, driver installation behavior, and logon prompts. You can configure the security options settings in the following location within the Group Policy Object Editor: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. The Security Options item of Group Policy contains the following policies: Accounts: Administrator account status. This policy setting enables or disables the Administrator account for normal operational conditions.

If you start a computer in Safe Mode, the Administrator account is always enabled, regardless of how you configure this policy setting. Possible values: Enabled. Disabled. Not Defined. Vulnerability. The built- in Administrator account cannot be locked out no matter how many failed logons it accrues, which makes it a prime target for brute force attacks that attempt to guess passwords. Also, this account has a well- known security identifier (SID), and there are non- Microsoft tools that allow authentication by using the SID rather than the account name.

Therefore, even if you rename the Administrator account, an attacker could launch a brute force attack by using the SID to log on. All other accounts that are members of the Administrator's group have the safeguard of locking the account out if it has exceeded the maximum number of failed logons. Countermeasure. Disable the Accounts: Administrator account status setting so that the built- in Administrator account cannot be used in a normal system startup. If it is very difficult to maintain a regular schedule for periodic password changes for local accounts, you may want to disable the built- in Administrator account instead of relying on regular password changes to protect it from attack.

Potential impact. Maintenance issues can arise under certain circumstances if you disable the Administrator account. For example, if the secure channel between a member computer and the domain controller fails in a domain environment for any reason and there is no other local Administrator account, you must restart in Safe Mode to fix the problem that caused the secure channel to fail. If the current Administrator password does not meet the password requirements, you cannot re- enable the Administrator account after it is disabled. If this situation occurs, another member of the Administrators group must set the password on the Administrator account with the Local Users and Groups tool.

Information about Windows XP, Vista, Windows 7 and 8 including tweaks, slipstreaming, install, registry, and forum for all Windows versions. Windows Memory Diagnostics Tool is a very useful troubleshooting application included in the Windows operating system. There are times when your computer might start. The Windows Client Monitoring Management Pack is built to detects, diagnose, and resolve hardware and software problems pertaining to Client 2000, XP, Vista, and. We offer you challenging and rewarding work, generous benefits, and a commitment to help you grow professionally. If you are dedicated to your work, committed to. Windows 7 compatibility improved for hardware in terms of finding and installing drivers, but you need to be aware of software incompatibilities as well. Acer eRecovery Management: The new version of Acer eRecovery Management, which is compatible with Windows Vista ®, requires repartitioning your hard disk drive. New Windows Vista Applications and Tools. Disk Cleanup is one of the applications that haven't change much over the years.

Accounts: Guest account status. This policy setting enables or disables the Guest account. Possible values: Enabled. Disabled. Not Defined.

Vulnerability. The default Guest account allows unauthenticated network users to log on as Guest with no password. These unauthorized users could access any resources that are accessible to the Guest account over the network. This capability means that any shared folders with permissions that allow access to the Guest account, the Guests group, or the Everyone group will be accessible over the network, which could lead to the exposure or corruption of data. Countermeasure. Disable the Accounts: Guest account status setting so that the built- in Guest account cannot be used. Potential impact. All network users will need to be authenticated before they can access shared resources. If you disable the Guest account and the Network Access: Sharing and Security Model option is set to Guest Only, network logons, such as those performed by the Microsoft Network Server (SMB Service), will fail.

This policy setting should have little impact on most organizations because it is the default setting in Microsoft Windows. If you enable this policy setting, a local account must have a non- blank password to perform an interactive or network logon from a remote client. Possible values: Enabled.

The in-built Hardware and Devices Troubleshooter in Windows 10/8/7 will help you troubleshoot, find and fix your hardware problems and issues.

Disabled. Not Defined. Vulnerability. Blank passwords are a serious threat to computer security and should be forbidden through both organizational policy and suitable technical measures.

Driver Verifier monitors Windows kernel-mode drivers and graphics drivers to detect illegal function calls or actions that might corrupt the system. If your Lexar jump drive is not recognized after using USB ports in the back panel of the computer to.

In fact, the default settings for Windows Server 2. Active Directory. However, if users with the ability to create new accounts bypass your domain- based password policies, they could create accounts with blank passwords. For example, a user could build a stand- alone computer, create one or more accounts with blank passwords, and then join the computer to the domain. The local accounts with blank passwords would still function. Anyone who knows the name of one of these unprotected accounts could then use it to log on. Countermeasure. Enable the Accounts: Limit local account use of blank passwords to console logon only setting.

Potential impact. None. This is the default configuration.

Accounts: Rename administrator account. This policy setting determines whether a different account name is associated with the SID for the Administrator account. Possible values: User- defined text. Not Defined. Vulnerability. The Administrator account exists on all computers that run the Windows 2. Windows Server 2. Windows XP Professional operating systems.

If you rename this account, it is slightly more difficult for unauthorized persons to guess this privileged user name and password combination. In Windows Vista, the person who installs the operating system specifies an account that is the first member of the Administrator group and has full rights to configure the computer. The account may not have the name Administrator, so this countermeasure is applied by default on new Windows Vista installations. If a computer is upgraded from a previous version of Windows to Windows Vista, the account with the name Administrator is retained with all rights and privileges that were defined for the account in the previous installation. The built- in Administrator account cannot be locked out, regardless of how many times an attacker might use a bad password.

This capability makes the Administrator account a popular target for brute force attacks that attempt to guess passwords. The value of this countermeasure is lessened because this account has a well- known SID, and there are non- Microsoft tools that allow authentication by using the SID rather than the account name. Therefore, even if you rename the Administrator account, an attacker could launch a brute force attack by using the SID to log on. Countermeasure. Specify a new name in the Accounts: Rename administrator account setting to rename the Administrator account. Potential impact. You need to provide users who are authorized to use this account with the new account name. Because the account name is well known it provides a vector for a malicious user to get access to network resources and attempt to elevate privileges or install software that could be used for a later attack on your system.

Countermeasure. Specify a new name in the Accounts: Rename guest account setting to rename the Guest account. If you rename this account, it is slightly more difficult for unauthorized persons to guess this privileged user name and password combination. Potential impact. There should be little impact, because the Guest account is disabled by default in Windows 2.

Windows XP, Windows Vista, and Windows Server 2. Audit: Audit the access of global system objects. If you enable this policy setting, a default system access control list (SACL) is applied when the computer creates system objects such as mutexes, events, semaphores, and MS- DOS.

If you also enable the Audit object access audit setting, access to these system objects is audited. Global system objects, also known as . These objects are most commonly used to synchronize multiple applications or multiple parts of a complex application.

Because they have names, these objects are global in scope, and therefore visible to all processes on the computer. These objects all have a security descriptor but typically have a NULL SACL. If you enable this policy setting at startup time, the kernel will assign a SACL to these objects when they are created. Possible values: Enabled.

Disabled. Not Defined. Vulnerability. A globally visible named object, if incorrectly secured, could be acted upon by malicious software that knows the name of the object. For instance, if a synchronization object such as a mutex had a poorly chosen discretionary access control list (DACL), then malicious software could access that mutex by name and cause the program that created it to malfunction. However, the risk of such an occurrence is very low. Countermeasure. Enable the Audit: Audit the access of global system objects setting.

Potential impact. If you enable the Audit: Audit the access of global system objects setting, a large number of security events could be generated, especially on busy domain controllers and application servers. Such an occurrence could cause servers to respond slowly and force the Security log to record numerous events of little significance. This policy setting can only be enabled or disabled, and there is no way to choose which events are recorded. Even organizations that have the resources to analyze events that are generated by this policy setting would not likely have the source code or a description of what each named object is used for.

Therefore, it is unlikely that most organizations would benefit by enabling this policy setting. Audit: Audit the use of Backup and Restore privilege. This policy setting enables or disables auditing of the use of all user privileges, including Backup and Restore, when the Audit privilege use setting is in effect. If you enable both policy settings, an audit event is generated for every file that is backed up or restored. If you enable this policy setting in conjunction with the Audit privilege use setting, any exercise of user rights is recorded in the Security log. If you disable this policy setting, actions by users of Backup or Restore privileges are not audited, even if Audit privilege use is enabled.