Project 4-2: Setting Windows Local Security Policy

The Local Group Policy Editor is a Microsoft Management Console (MMC) snap-in that gives a single user interface through which all the Computer Configuration and User Configuration settings of Local Group Policy objects can be managed. The Local Security Policy settings are among the security settings contained in the Local Group Policy Editor. An administrator can use these to set policies that are applied to the computer. In this project, you will view and change local security policy settings.

Note: You will need to be an administrator to open the Local Group Policy Editor.

1. Click Start.
2. Type secpol.msc into the Search box and then click secpol.

Note: You may be prompted at this point for an administrator password or confirmation.

3. First create a policy regarding passwords. Expand Account Policies in the left pane and then expand Password Policy.
4. Double-click Enforce password history in the right pane. This setting defines how many previously used passwords Windows will record. This prevents users from recycling old passwords.
5. Change passwords remembered to 4.
6. Click OK.
7. Double-click Maximum password age in the right pane. The default value is 42, meaning that a user must change his password after 42 days.
8. Change days to 30. After changing it to 30, take a screenshot and paste it below this step. Make sure your VM number in the top left is visible in the screenshot or no credit will be given for this step.
9. Click OK.
10. Double-click Minimum password length in the right pane. The default value is a length of 8 characters.
11. Change characters to 10.
12. Click OK.
13. Double-click Password must meet complexity requirements in the right pane. This setting forces a password to include at least two opposite case letters, a number, and a special character (such as a punctuation mark).
14. Click Enabled.
15. Click OK.
16. Double-click Store passwords using reversible encryption in the right pane. Because passwords should be stored in an encrypted format this setting should not be enabled.
17. If necessary, click Disabled. After clicking disabled, take a screenshot and paste it below this step. Make sure your VM number in the top left is visible in the screenshot or no credit will be given for this step.
18. Click OK.
19. In the left pane, click Account lockout policy.
20. Double-click Account lockout threshold in the right pane. This is the number of times that a user can enter an incorrect password before Windows will lock the account from being accessed. (This prevents an attacker from attempting to guess the password with unlimited attempts.)
21. Change invalid login attempts to 5.
22. Click OK.
23. Note that the Local Security Policy suggests changes to the Account lockout duration and the Reset account lockout counter after values to 30 minutes.
24. Click OK.
25. Expand Local Policies in the left pane and then click Audit Policy.
26. Double-click Audit account logon events.
27. Check both Success and Failure. After checking the settings, take a screenshot and paste it below this step. Make sure your VM number in the top left is visible in the screenshot or no credit will be given for this step.
28. Click OK.
29. Right-click Security Settings in the left pane.
30. Click Reload to have these policies applied.
31. Close all windows.

summarize this activity and your thoughts on it.