Local Security Settings and Group Policy Editor in Windows 2000

Wayne Jansson

Visitors: 950

The Local Security Settings tool is found in the Control Panel's Administrative Tools menu. You must have administrator privileges to access the Local Security Settings.

The Local Security Settings include:

Account Policies: Password and account lockout policies.

Local Policies: Audit policies, user rights assignments, and security options.

Public Key Policies: Configure encrypted data recovery agents and trusted certificate authorities.

IP Security (IPSec) Policies: Configure network IP security on the local machine.

By using the Group Policy Editor via a command you are given more control over settings for the local machine. You must have administrator privileges to access the Group Policy Editor. Click Start, Run, and type gpedit. msc and press enter. All the controls in the Local Security Settings are available here plus many more. The level of control over the local machine is truly remarkable. If you use gpedit. msc you will find the Local Security Settings under the Windows Settings folder.

Password Policy

The default setting for Password Policy allows insecure passwords. Users can set passwords with only one letter if they want. The more complex the password id the more secure it is. Its a good idea to set a minimum length here and also select password complexity which stops people using words as passwords or simple variations of words. You can also set passwords to expire forcing users to change their passwords at predetermined intervals. I suggest you use long passwords of at least 8 characters with a mix of letters and numbers. Its important to remember that if your on a domain network, domain security settings will override these settings.

Account Lockout Policy

This policy will lock the account of a user if X number of unsuccessful attempts in Y number of minutes are made to log into an account. It will lock for Z number of minutes. There are 3 policies in this folder, 1 each for X, Y, and Z. If an account is locked the user can either wait for the account to unlock or contact a person with administrator privileges to unlock it. Once again any domain level policies will override this local setting.

Audit Policy

The Audit Policy allows administrators to log user activity. When auditing is turned on for events they are recorded in the security log which can be found in the Event Viewer within Administrative Tools. The size of the security log is limited and also auditing consumes computer resources and slows performance, keep this in mind.

User Rights Assignment

This policy is set by groups not users, also the domain settings will override local settings, thus two columns “Local setting" and “effective Setting". Some rights are negative rights, “Deny Logon Locally".

Security Options

Security Options gives a range of additional security options such as preventing users from installing printer drivers, allowing the removal of removable NTFS media, and many other things.

Encrypted Data Recovery Agent

This allows you to add users who can act as a recovery agent in the event people are locked out from their encrypted files. By default the administrator is a recovery agent.

IP Security Policies on Local Machine

Configures network IP security on the local machine. These policies are either simply assigned or the use of a wizard is used to create a policy

Author: Wayne Jansson MCP A+ Network+ jansant© 2007

Wayne Jansson MCP A+ Network+

Computer help for the home user and small business. Information to help users make the most out of their computer and network systems. The aim of the web-site is to help users spend less time working out how to set up and maintain their computers and network systems, so they have more time to spend actually using them for their intended purpose, running their business.



Article Source:

Rate this Article: 
Why do you require security policy?
Rated 4 / 5
based on 5 votes

Related Articles:

Windows 2000 Security

by: Benjamin Hargis (October 27, 2005) 
(Internet and Businesses Online/Security)

HTML and Code Editor for Windows

by: Wolfgang Schmuck (June 05, 2010) 
(Internet and Businesses Online/Web Development)

How Do I Refresh My DNS Settings (On a Windows Based PC)?

by: D Kai Wilson (June 25, 2008) 
(Computers and Technology/Software)

Speed Up Your Windows 2000 XP System and Save Resources at the Same Time

by: Sze Lim Chan (July 23, 2008) 
(Computers and Technology/Software)

An easy way to recover Windows server 2008/2003/2000 Active Directory domain ..

by: Xu Syon (January 09, 2012) 
(Computers and Technology/Software)

Starting a Local Writer's Group

by: Devrie Paradowski (April 09, 2005) 
(Writing and Speaking/Writing)

Should I Keep My Spouse and Kids on My Company Group Policy?

by: Brent Trice (September 19, 2008) 

Sponsoring a Local Community Group Could it Boost Your Business?

by: Hamish Jones (July 13, 2008) 

HOW TO SAVE $2000 on Your Funeral and $2000 More on Your Casket

by: Navdeep Singh (July 11, 2012) 
(Home Improvement/Energy Efficiency)

Why do you require security policy?

by: Venkatesh Pai (June 17, 2010) 
(Computers and Technology/Software)