Under the Local Policies node, there is a Security Options node. There are close to 60 additional security options grouped into the following categories: accounts, audit, devices, domain controller, domain member, interactive logon, Microsoft network client, network access, network security, recovery console, shutdown, system cryptography, and system objects. In this lesson, you learn about a few of these available options.
You cannot delete the Administrator account, but you should rename the built-in Administrator account to provide a greater degree of security. You should use a name that does not identify it as the Administrator account to make it difficult for unauthorized users to break into the account. One of the account settings allows you to enter an account name to automatically rename the Administrator account.
To automatically rename the administrator account, access the security options using the Group Policy snap-in, expand Local Policies, and then select Security Options. Right-click Accounts: Rename The Administrator Account and then click Properties. Type in the new name you wish to use for the Administrator account and click OK.
By default, Windows XP Professional does not require a user to be logged on to the computer to shut it down. One of the account settings allows you to force users to log on to the computer before it can be shut down. Access the security options using the Group Policy snap-in, just as you did to configure Account Policy. Once you start the Group Policy snap-in, expand Local Policies and then select Security Options.
Right-click Shutdown: Allow System To Be Shut Down Without Having To Log On, and then click Properties. Figure 13.5 shows the Properties dialog box for the Shutdown: Allow System To Be Shut Down Without Having To Log On setting. This setting is either enabled, which is the default, or disabled. To require users to log on before they can shut down the system, select Disabled.
By default, Windows XP Professional does not clear the virtual memory pagefile when the system is shut down. In some organizations this is considered a breach of security because the data in the pagefile might be accessible to users who are not authorized to view that information. To enable this feature and clear the pagefile each time the system is shut down, start the Group Policy snap-in, expand Local Policies, and then select Security Options. Right-click Shutdown: Clear Virtual Memory Pagefile and then click Properties. As shown in Figure 13.6, this feature is either enabled or disabled. By default, it is disabled. To force Windows XP Professional to clear the pagefile when the system is shut down, select Enabled.
Windows XP Professional allows you to configure your computer so that users are required to press Ctrl+Alt+Delete to log on to the computer. By forcing users to press Ctrl+Alt+Delete, you are using a key combination recognized only by Windows. This ensures that you are giving the password only to Windows and not to a Trojan horse program waiting to capture your password.
If you are in an environment where security is not a concern, you can leave the default setting of Not Defined or you can enable the Interactive Logon: Do Not Require Ctrl+Alt+Del option. With either of these settings, users will not have to use this key combination to log on to the computer. To require users to press this key combination to log on, start the Group Policy snap-in, expand Local Policies, and then select Security Options. Right-click Interactive Logon: Do Not Require Ctrl+Alt+Del and then click Properties and click Disabled. Disable this setting if security is a concern.
By default, Windows XP Professional displays the last user name to log on to the computer in the Windows Security dialog box. In some situations this is a security risk because an unauthorized user can see a valid user account name displayed on the screen. This makes it much easier to break into the computer.
Enable Interactive Logon: Do Not Display Last User Name to prevent the last user name from being displayed in the Windows Security dialog box. In the Group Policy snap-in, click the Local Policies node in the console pane, and then click Security Options. In the details pane, right-click Interactive Logon: Do Not Display Last User Name, and then click Properties. This setting is either enabled or disabled (see Figure 13.7); select Enabled to turn the feature on.
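The five settings described above can also be checked without opening the Group Policy snap-in on each computer. The following Python script is an added example, not part of the original lesson: it audits a security template exported with secedit /export /cfg against the values this lesson recommends. The registry value names are the ones Windows stores these options under; the EXPECTED table, the function names, and the sample template are constructed for illustration.

```python
SYS = r"MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System"
MEM = r"MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management"
# Security Options name -> (registry value, DWORD this lesson recommends)
EXPECTED = {
    "Shutdown: Allow System To Be Shut Down Without Having To Log On":
        (SYS + r"\ShutdownWithoutLogon", 0),      # Disabled
    "Shutdown: Clear Virtual Memory Pagefile":
        (MEM + r"\ClearPageFileAtShutdown", 1),   # Enabled
    "Interactive Logon: Do Not Require Ctrl+Alt+Del":
        (SYS + r"\DisableCAD", 0),                # Disabled
    "Interactive Logon: Do Not Display Last User Name":
        (SYS + r"\DontDisplayLastUserName", 1),   # Enabled
}

# Constructed sample, shaped like a secedit export (not from a real machine).
SAMPLE = "\n".join([
    "[System Access]",
    'NewAdministratorName = "Administrator"',
    "[Registry Values]",
    SYS + r"\ShutdownWithoutLogon=4,1",
    SYS + r"\DontDisplayLastUserName=4,1",
    MEM + r"\ClearPageFileAtShutdown=4,0",
])

def parse_inf(text):
    """Return {section: {key: value}} with section names and keys lower-cased."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit(text):
    """Return (policy, found, wanted) for every setting that is not hardened."""
    inf, findings = parse_inf(text), []
    registry = inf.get("registry values", {})
    for policy, (key, want) in EXPECTED.items():
        raw = registry.get(key.lower(), "")
        # Entries are "<type>,<data>"; type 4 is REG_DWORD. Absent = Not Defined.
        have = int(raw.split(",", 1)[1]) if raw.startswith("4,") else None
        if have != want:
            findings.append((policy, have, want))
    name = inf.get("system access", {}).get("newadministratorname", "").strip('"')
    if name.lower() in ("", "administrator"):
        findings.append(("Accounts: Rename The Administrator Account", name, "renamed"))
    return findings
```

Calling audit(SAMPLE) reports four findings, including the Ctrl+Alt+Del setting that the sample leaves Not Defined. On a real computer, read the exported file as UTF-16, which is how secedit writes it, and pass its text to audit().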
In this practice, you configure the security setting that automatically renames the Guest account on your computer. Then you turn off the Welcome screen and configure some additional security settings on your computer.
Run the SecuritySettings file in the Demos folder on the CD-ROM accompanying this book for a demonstration of configuring security settings.
In this exercise, you use the custom MMC console containing the Group Policy snap-in you created and saved with the name Local Group Policy to automatically rename the Guest account.
In this exercise, you turn off the use of the Welcome screen.
Windows XP Professional displays the Select Logon And Logoff Options window.
Windows XP Professional also clears the Use Fast User Switching check box.
Notice that the Welcome Screen is not displayed and that the Welcome To Windows dialog box requiring you to press Ctrl+Alt+Delete is displayed.
In this exercise, you configure some additional security settings.
The Log On To Windows Screen is displayed and the name of the last user to log on to the computer is automatically filled in.
Notice that Shut Down is available.
The following questions will help you determine whether you have learned enough to move on to the next lesson. If you have difficulty answering these questions, review the material in this lesson before beginning the next lesson. The answers are in Appendix A, "Questions and Answers."