Options
Recommendations for local group policy settings for Windows 7 Pro box?
JockVSJock
Member Posts: 1,118
in Off-Topic
So I've built a new Windows Pro 7 box for my parents, to replace their aging Win XP box.
One of the things I want to do is lock it down with local group policy, so they don't shoot themselves in the foot, however would still like to give some freedom on the box.
Right now, I'm installing software/updates, shutting off unnecessary services thanks to Black Viper.
I'm digging into the Local Group Policy, done a few searches online, however was wondering what others would recommend in order to make the box a bit more secure.
Some of the things I've already tweaked from local group policy
-renamed both guest and administrator local account
-minimum password length 8 characters
-turned on some of the auditing policies
Any other recommendations?
thanks
One of the things I want to do is lock it down with local group policy, so they don't shoot themselves in the foot, however would still like to give some freedom on the box.
Right now, I'm installing software/updates, shutting off unnecessary services thanks to Black Viper.
I'm digging into the Local Group Policy, done a few searches online, however was wondering what others would recommend in order to make the box a bit more secure.
Some of the things I've already tweaked from local group policy
-renamed both guest and administrator local account
-minimum password length 8 characters
-turned on some of the auditing policies
Any other recommendations?
thanks
***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)
"Its easier to deceive the masses then to convince the masses that they have been deceived."
-unknown
"Its easier to deceive the masses then to convince the masses that they have been deceived."
-unknown
Comments
-
Options
Hyper-Me
Banned Posts: 2,059
A big thing is make sure that UAC is on, and that they dont use an administrator account whiel they are just poking around on the internet or what have you.
If they insist on using one account, change the UAC settings so they have to put in their password to make any change, even if they are using an admin account.
Why are you in the red? I dont think ive seen any rude/wrong posts by you? -
OptionsJockVSJock
Member Posts: 1,118
A big thing is make sure that UAC is on, and that they dont use an administrator account whiel they are just poking around on the internet or what have you.
Everyone is setup under either a User Account or a Guest Account.
My biggest concern is preventing software from being installed, for example, someone installed a IE7 from Myspace, because the Title Bar had Myspace written into it. I'm going to continue to look into figuring out a way that the only way software can get installed is from the Administrator account.***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)
"Its easier to deceive the masses then to convince the masses that they have been deceived."
-unknown -
Options
TheShadow
Member Posts: 1,057 ■■■■■■□□□□
JockVSJock wrote: »Everyone is setup under either a User Account or a Guest Account.
My biggest concern is preventing software from being installed, for example, someone installed a IE7 from Myspace, because the Title Bar had Myspace written into it. I'm going to continue to look into figuring out a way that the only way software can get installed is from the Administrator account.
That is just a registry edit many ISP's do the same thing. Don't you think you are going just a little over board? I think that if my kid did that to me he would get the system back and Dell or HP would get a call. It is not like they are tied to a domain. So they have to get your permission eveytime they install an app or game? Do you pre-program their GPS too. Being one of the old guys around here I will be insulted for them.
I would recommend that you invest in Winpatrol which will tell them when they are doing something stupid or dangerous. Also MS new be all end all security set. Let them make mistakes, isn't that how we all learn? Teach them about restore points and system backups.
Standard winpatrol is free and the plus version is around 25 dollars for a life all updates license. It requires permission for any software or functions that will change the system. I consider it one of the best kept secret utilities around. Puts a little dog on your taskbar that barks at dll's programs start up changes etc. The plus version scans in real time the standard version scans every 10 minutes. Works on all versions of windows.Who knows what evil lurks in the heart of technology?... The Shadow DO