Using Windows to set up workstation security
A look at some of the ways to implement workstation security on a Windows system.
This article looks at some features included in both Windows 2000 and 2003 that I am sure most administrators are aware of, but might often overlook when implementing security on a workstation.
Enforcing password requirements
All organizations should have a written policy that stipulates how users must maintain their account passwords. Windows security settings let you enforce requirements such as password length and the use of special characters.
Standalone Workstation
Log in with Administrator privileges
Click Start | Programs | Administrative Tools | Local Security Policy
In the Local Security Settings window, expand Account Policies
Then click Password Policy
In the right pane, double-click "Passwords must meet complexity requirements"
Select "Enabled", then click OK
Once enabled, you can then set the password features listed.
Workstations On a LAN
To implement this feature you can use a Group Policy Object. Follow this Microsoft link for a detailed procedure on how to implement this.
Hiding the administrative tools
You can prevent users from poking around in the administrative tool applets by performing the following:
Run Regedit
Go to HKEY_CURRENT_USER
Select SubKey: Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Select StartMenuAdminTools
Select type: REG_DWORD
Set the value to 0 so that the administrative tools are not displayed.
Prevent Users From Mapping Network Drives
Administrators can implement a policy that prevents users from mapping network drives to unauthorized file or folder shares, or from disconnecting a mapped network drive. The registry change required is as follows:
Run Regedit
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Create a value name: NoNetDrives
Data Type: REG_DWORD with a value of 1
0 - Display Drives
1 - Remove Drives
If you would like to apply this for multiple workstations on a network you can modify the winnt.adm file and apply a system policy. An example of how this can be done is as follows:
Create a backup copy of the winnt.adm file
Using a text editor such as notepad open the winnt.adm file
Type the following:
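; Per-user policy that writes NoNetDrives as a REG_DWORD under HKEY_CURRENT_USER
CLASS USER
CATEGORY "Hide Network Drives"
  POLICY "Remove Map Drives Option"
    KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    PART "Network Drives" CHECKBOX
      VALUENAME "NoNetDrives"
      ; Checked: 1 - Remove Drives
      VALUEON NUMERIC 1
      ; Unchecked: 0 - Display Drives
      VALUEOFF NUMERIC 0
    END PART
  END POLICY
END CATEGORY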
Please note that making any changes to the winnt.adm file will obviously affect your current system policy. If you need further explanation on the use of winnt.adm and the variables used visit the following links before making any modifications:
http://www.ntfaq.com/Articles/Index.cfm?ArticleID=14971
http://www.jsifaq.com/SUBL/tip5900/rh5946.htm (this link also shows how to load the template to system policy editor)
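To confirm that the two registry changes described above (StartMenuAdminTools and NoNetDrives) are in place on a workstation, the following added example, which is not part of the original article, parses the text of a registry export and reports the status of each value, including a value stored with the wrong data type. It assumes the export is in the regedit version 5 text format and has already been decoded to a string; parse_reg, audit and the sample export are constructed for this illustration.

```python
import re

# Values the article sets, both under HKEY_CURRENT_USER; the page gives both as REG_DWORD.
BASE = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
EXPECTED = {
    (BASE + r"\Explorer\Advanced", "StartMenuAdminTools"): 0,  # 0 = tools not displayed
    (BASE + r"\Policies\Explorer", "NoNetDrives"): 1,          # 1 = remove drives
}
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

def parse_reg(text):
    """Parse .reg export text into {(key, value_name): raw_data}, names lower-cased."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()  # registry names are case-insensitive
            continue
        m = VAL_RE.match(line)
        if m and key:
            values[(key, m.group("name").lower())] = m.group("data").strip()
    return values

def audit(text):
    """Return {value_name: status} for every expected setting."""
    found, report = parse_reg(text), {}
    for (key, name), want in EXPECTED.items():
        raw = found.get((key.lower(), name.lower()))
        if raw is None:
            report[name] = "missing"
        elif not re.fullmatch(r"dword:[0-9a-fA-F]{8}", raw):
            report[name] = "wrong type: " + raw  # exported as something other than REG_DWORD
        elif int(raw[6:], 16) != want:
            report[name] = "noncompliant (%d)" % int(raw[6:], 16)
        else:
            report[name] = "ok"
    return report

# Constructed sample export from one workstation (not real data).
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    "[" + BASE + r"\Explorer\Advanced]",
    '"StartMenuAdminTools"=dword:00000001',
    "[" + BASE + r"\Policies\Explorer]",
    '"NoNetDrives"="1"',
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In the sample, StartMenuAdminTools is reported as noncompliant because it is still 1, and NoNetDrives is flagged because it was created as a string rather than a REG_DWORD.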
Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association Of Internet Professionals, the Institute For Network Professionals, and the International Webmasters Association. He has also lectured extensively on a variety of topics.