Using Windows to set up workstation security

This article looks at some features included in both Windows 2000 and 2003 that I am sure most administrators are aware of, but might often overlook when implementing security on a workstation.

Enforcing password Requirements

All organizations should have a written policy that stipulates guidelines for how users should maintain their user account passwords. With Windows security features you can set up such instances as password lengths and special characters requirements.

Standalone Workstation

Login with Administrator Privileges

Click Start | Programs| Administrative Tools | Local Security Policy

In the Local Security Settings Window expand Account Policies

Then Click Password Policy

In the right pane double-click "Passwords must meet complexity requirements"

Select "enabled" then click OK

Once enabled, you can then set the password features listed.

Workstations On a LAN

To implement this feature you can use Group Policy Object. Follow this

Requires Free Membership to View

Microsoft link for a detailed procedure on how to implement this.

Hiding the administrative tools

You can prevent users from poking around in the administrative tool applets by performing the following:

Run Regedit
Select SubKey: SoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced
Select StartMenuAdminTools
Select type: REG_WORD
You can edit the value to 0 so that the administrative tools will not be displayed.

Prevent Users From Mapping Network Drives

Administrators can implement a policy that will prevent users from mapping network drives to unauthorized files/folders share or even prevent them from disconnecting a mapped networked drive. The following shows the registry change that has to be performed:

Run Regedit

Go to HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
Create a valuename: NoNetDrives

Data Type: REG_DWORD with a Value of 1

  0 - Display Drives
  1 - Remove Drives

If you would like to apply this for multiple workstations on a network you can modify the winnt.adm file and apply a system policy. An example of how this can be done is as follows:

Create a backup copy of the winnt.adm file
Using a text editor such as notepad open the winnt.adm file

Type the following:


CATEGORY "Hide Network Drives"

POLICY "Remove Map Drives Option"

KEYNAME "SoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer"
PART "Network Drives"



Please note that making any changes to the winnt.adm file will obviously affect your current system policy. If you need further explanation on the use of winnt.adm and the variables used visit the following links before making any modifications:

http://www.jsifaq.com/SUBL/tip5900/rh5946.htm (this link also shows how to load the template to system policy editor)

Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association Of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.

This was first published in March 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.