Greta Mameniskyte IV course 3rd group

Presentation transcript:

Local Security Policy
Greta Mameniskyte IV course 3rd group

Table of contents
- Definition
- How to open Local Security Policy settings
- Account policies
- Local policies
- LSA Policy Objects
- How to use LSA Objects

Definition
The Local Security Authority (LSA) is a protected subsystem of Windows that maintains information about all aspects of local security on a system, collectively known as the local security policy of the system. In other words, the local security policy of a system is a set of information about the security of a local computer.
The local security policy information includes the following:
- The domains trusted to authenticate logon attempts.
- Which user accounts may access the system and how. For example, interactively, through a network, or as a service.
- The rights and privileges assigned to accounts.
- The security auditing policy.
The Local Security Authority (LSA) stores the local policy information in a set of LSA Policy Objects.

How to open local security policy settings
- Windows+R -> secpol.msc
- Control Panel -> Administrative Tools -> Local Security Policy

Local security policies
- Account policies: Password Policy, Account Lockout Policy
- Local policies: Audit Policy, User Rights Assignment, Security Options

Password policies
- Enforce password history
- Maximum password age
- Minimum password age
- Minimum password length
- Password must meet complexity requirements
- Store password using reversible encryption
Enforce password history: This security setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused.
Maximum password age: This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it.
Minimum password age: This security setting determines the period of time (in days) that a password must be used before the user can change it.
Password must meet complexity requirements: This security setting determines whether passwords must meet complexity requirements.
Store password using reversible encryption: This security setting determines whether the operating system stores passwords using reversible encryption. This policy provides support for applications that use protocols that require knowledge of the user's password for authentication purposes. Storing passwords using reversible encryption is essentially the same as storing plaintext versions of the passwords. For this reason, this policy should never be enabled unless application requirements outweigh the need to protect password information.

Account lockout policy
Account lockout duration: This security setting determines the number of minutes a locked-out account remains locked out before automatically becoming unlocked.
Account lockout threshold: This security setting determines the number of failed logon attempts that causes a user account to be locked out.
Reset account lockout counter after: This security setting determines the number of minutes that must elapse after a failed logon attempt before the failed logon attempt counter is reset to 0 bad logon attempts.
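An added example (not part of the original slides) that checks the password and account lockout settings above from the file written by `secedit /export`, whose `[System Access]` section holds them under the INF keys shown. The sample text is constructed, and the thresholds are illustrative assumptions; only the rule that reversible encryption must stay disabled comes from the slides.

```powershell
# Constructed sample of what this command writes on a real system:
#   secedit /export /cfg C:\Temp\secpol.inf /areas SECURITYPOLICY
# For a real check use: $inf = Get-Content C:\Temp\secpol.inf -Raw
$inf = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 1
[Event Audit]
AuditLogonEvents = 0
'@

# Parse only the numeric key = value pairs inside [System Access].
function Get-SystemAccess([string]$Text) {
    $found = @{}; $inSection = $false
    foreach ($line in ($Text -split "`r?`n")) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') { $inSection = $Matches[1] -eq 'System Access'; continue }
        if ($inSection -and $line -match '^(\w+)\s*=\s*(-?\d+)$') { $found[$Matches[1]] = [int]$Matches[2] }
    }
    $found
}

# INF key, policy name as shown in secpol.msc, and an acceptance test.
# Threshold values are assumptions for illustration; adjust to your own baseline.
$rules = @(
    @{ Key = 'PasswordHistorySize';   Name = 'Enforce password history';                   Ok = { param($v) $v -ge 24 } }
    @{ Key = 'MaximumPasswordAge';    Name = 'Maximum password age';                       Ok = { param($v) $v -ge 1 -and $v -le 365 } }
    @{ Key = 'MinimumPasswordLength'; Name = 'Minimum password length';                    Ok = { param($v) $v -ge 14 } }
    @{ Key = 'PasswordComplexity';    Name = 'Password must meet complexity requirements'; Ok = { param($v) $v -eq 1 } }
    @{ Key = 'ClearTextPassword';     Name = 'Store password using reversible encryption'; Ok = { param($v) $v -eq 0 } }
    @{ Key = 'LockoutBadCount';       Name = 'Account lockout threshold';                  Ok = { param($v) $v -ge 1 -and $v -le 10 } }
)

function Test-AccountPolicy([string]$Text) {
    $actual = Get-SystemAccess $Text
    foreach ($r in $rules) {
        $v = $actual[$r.Key]   # $null when the key is absent from the export
        [pscustomobject]@{ Setting = $r.Name; Key = $r.Key; Value = $v
                           Pass = ($null -ne $v) -and [bool](& $r.Ok $v) }
    }
}

Test-AccountPolicy $inf | Format-Table -AutoSize
```

With the constructed sample, only the maximum password age and complexity rows pass; a lockout threshold of 0 means accounts are never locked out.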

Audit policies
Audit policies record certain events that occur on your computer. Later you can go to the Event Viewer and see all the information about the events that have been set to be audited.

User Rights Assignment


Security options


LSA Policy Objects
The LSA stores local security policy information in a set of objects. Your application can query or edit the local security policy by accessing these objects. The set consists of the following four objects:
- Policy contains global policy information.
- TrustedDomain contains information about a trusted domain.
- Account contains information about a user, group, or local group account.
- Private Data contains protected information, such as server account passwords. This information is stored as encrypted strings.

Using LSA Policy
- Opening a Policy Object Handle
- Managing Policy Information
- Receiving Policy Change Events
- Managing Account Permissions
- Managing Trusted Domain Information
- Translating Between Names and SIDs
- Storing Private Data
- Using LSA Unicode Strings

Opening a Policy Object Handle Most LSA Policy functions require a handle to the Policy object for the system to query or modify. To obtain a handle to a Policy object, call LsaOpenPolicy and specify the name of the system you want to access and the set of access permissions required.

Managing Policy Information To retrieve information about the local security policy, call LsaQueryInformationPolicy. To set local security policy, call LsaSetInformationPolicy. The description of the POLICY_INFORMATION_CLASS enumeration details the types of policy information that can be queried or set.

Receiving Policy Change Events (1) To receive notification, create a new event object by calling the CreateEvent function, and then call the LsaRegisterPolicyChangeNotification function.

Receiving Policy Change Events (2) When your application no longer needs to receive notifications, it should call LsaUnregisterPolicyChangeNotification and then call CloseHandle to free the event object handle.

Managing Account Permissions (1) To access all accounts that have a particular permission, call LsaEnumerateAccountsWithUserRight. This function populates an array with the SIDs (security identifiers) of all accounts that have the specified permission.

Managing Account Permissions (2) After you have obtained the SID of an account, you can modify its permissions. Call LsaAddAccountRights to add permissions to the account. If the specified account does not exist, LsaAddAccountRights creates it. To remove permissions from an account, call LsaRemoveAccountRights. If you remove all permissions from an account, LsaRemoveAccountRights also deletes the account.

Managing Account Permissions (3) Your application can check the permissions currently assigned to an account by calling LsaEnumerateAccountRights. This function populates an array of LSA_UNICODE_STRING structures. Each structure contains the name of a privilege held by the specified account.

Managing Trusted Domain Information (1) You can enumerate the trusted domains by calling LsaEnumerateTrustedDomainsEx. To retrieve information about a trusted domain, call either LsaQueryTrustedDomainInfo or LsaQueryTrustedDomainInfoByName. Both functions return the same information; however, LsaQueryTrustedDomainInfo identifies the trusted domain by SID, and LsaQueryTrustedDomainInfoByName identifies the trusted domain by name.

Managing Trusted Domain Information (2) To set information for a trusted domain, call either LsaSetTrustedDomainInformation or LsaSetTrustedDomainInfoByName. As with the query functions, LsaSetTrustedDomainInformation identifies the trusted domain by SID, while LsaSetTrustedDomainInfoByName identifies the trusted domain by name.

Translating Between Names and SIDs To locate account names, call the LsaLookupNames function. This function returns the SID as a RID/Domain index pair. To get the SID as a single element, call the LsaLookupNames2 function. To locate SIDs, call LsaLookupSids.

Storing Private Data Call the LsaStorePrivateData function to store and encrypt private data. To retrieve and decode previously stored private data, call LsaRetrievePrivateData. Note that you cannot retrieve machine private data objects; machine objects can be retrieved only by the operating system.

Using LSA Unicode Strings Several of the LSA Policy functions use the LSA_UNICODE_STRING structure to store string information. This structure stores the string and its length information.

Sources of information
- https://docs.microsoft.com/en-us/windows/desktop/secmgmt/local-security-policy
- https://docs.microsoft.com/en-us/windows/desktop/secmgmt/using-lsa-policy
- https://docs.microsoft.com/en-us/windows/desktop/secmgmt/using-lsa-unicode-strings
- https://docs.microsoft.com/en-us/windows/desktop/secmgmt/opening-a-policy-object-handle
- https://docs.microsoft.com/en-us/windows/desktop/secmgmt/managing-policy-information
- https://docs.microsoft.com/en-us/windows/desktop/secmgmt/receiving-policy-change-events
- https://docs.microsoft.com/en-us/windows/desktop/secmgmt/managing-account-permissions
- https://docs.microsoft.com/en-us/windows/desktop/secmgmt/managing-trusted-domain-information
- https://docs.microsoft.com/en-us/windows/desktop/secmgmt/translating-between-names-and-sids
- https://docs.microsoft.com/en-us/windows/desktop/secmgmt/storing-private-data

Thank you! Do you have any questions?