This article looks at some features included in both Windows 2000 and 2003 that I am sure most administrators are aware of, but might often overlook when implementing security on a workstation.
Enforcing Password Requirements
All organizations should have a written policy that stipulates guidelines for how users should maintain their user account passwords. With Windows security features you can enforce requirements such as password length and special characters.
Log in with administrator privileges
Click Start | Programs | Administrative Tools | Local Security Policy
In the Local Security Settings Window expand Account Policies
Then Click Password Policy
In the right pane double-click "Passwords must meet complexity requirements"
Select "enabled" then click OK
Once enabled, you can then set the password features listed.
Workstations On a LAN
To implement this feature you can use a Group Policy Object. Follow this
Hiding the administrative tools
You can prevent users from poking around in the administrative tool applets by performing the following:
Go to HKEY_CURRENT_USER
Select SubKey: Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Select type: REG_DWORD
You can edit the value to 0 so that the administrative tools will not be displayed.
Prevent Users From Mapping Network Drives
Administrators can implement a policy that prevents users from mapping network drives to unauthorized file or folder shares, or even from disconnecting a mapped network drive. The following shows the registry change that has to be performed:
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Create a value name: NoNetDrives
Data Type: REG_DWORD with a Value of 1
0 - Display Drives
1 - Remove Drives
If you would like to apply this for multiple workstations on a network you can modify the winnt.adm file and apply a system policy. An example of how this can be done is as follows:
Create a backup copy of the winnt.adm file
Using a text editor such as Notepad, open the winnt.adm file
Type the following:
CATEGORY "Hide Network Drives"
POLICY "Remove Map Drives Option"
PART "Network Drives"
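The three lines above are only the opening of a template entry. As an added example (not the author's original listing), a complete entry that writes the NoNetDrives value under the key given earlier could look like the following; CLASS USER, the CHECKBOX part type and the VALUEON/VALUEOFF lines are assumptions chosen to match the HKEY_CURRENT_USER location and the 0/1 values described above.

```adm
; Added example: complete .adm entry for the NoNetDrives setting.
; The key path and value name are the ones given in the article.
; CLASS USER, CHECKBOX and VALUEON/VALUEOFF are assumptions made
; so that the entry maps to HKEY_CURRENT_USER and to the values 1 and 0.

CLASS USER

CATEGORY "Hide Network Drives"
    KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

    POLICY "Remove Map Drives Option"
        PART "Network Drives" CHECKBOX
            VALUENAME "NoNetDrives"
            VALUEON NUMERIC 1      ; 1 - Remove Drives
            VALUEOFF NUMERIC 0     ; 0 - Display Drives
        END PART
    END POLICY
END CATEGORY
```

Every CATEGORY, POLICY and PART needs its matching END line, otherwise the System Policy Editor rejects the template when it is loaded.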
Please note that making any changes to the winnt.adm file will obviously affect your current system policy. If you need further explanation on the use of winnt.adm and the variables used visit the following links before making any modifications:
http://www.jsifaq.com/SUBL/tip5900/rh5946.htm (this link also shows how to load the template to system policy editor)
Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association Of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.
This was first published in March 2004