Windows Server 2008 and Windows Vista : Preferences (part 6) - Network Security

12/5/2013 2:15:14 AM

6. Network Security

Security is important at the computer level, as well as on the network as a whole. Security can be set to protect data that resides on servers and desktops, as well as data that is sent over the network. Numerous Group Policy settings are intended for protection of data, network communications, authentication, and more. Table 6 summarizes many of the settings that can help you make your network more secure using Group Policy.

Table 6. Network Security Settings
| Full Policy Name | Computer or User |
| --- | --- |
| SSL Cipher Suite Order | Computer |
| Windows Firewall: Allow authenticated IPsec bypass | Computer |
| Windows Firewall: Allow ICMP exceptions | Computer |
| Windows Firewall: Allow inbound file and printer sharing exception | Computer |
| Windows Firewall: Allow inbound remote administration exception | Computer |
| Windows Firewall: Allow inbound Remote Desktop exceptions | Computer |
| Windows Firewall: Allow inbound UPnP framework exceptions | Computer |
| Windows Firewall: Allow local port exceptions | Computer |
| Windows Firewall: Allow local program exceptions | Computer |
| Windows Firewall: Allow logging | Computer |
| Windows Firewall: Define inbound port exceptions | Computer |
| Windows Firewall: Define inbound program exceptions | Computer |
| Windows Firewall: Do not allow exceptions | Computer |
| Windows Firewall: Prohibit notifications | Computer |
| Windows Firewall: Prohibit unicast response to multicast or broadcast requests | Computer |
| Windows Firewall: Protect all network connections | Computer |
| Windows Firewall: Allow ICMP exceptions | Computer |
| Windows Firewall: Allow inbound file and printer sharing exception | Computer |
| Windows Firewall: Allow inbound remote administration exception | Computer |
| Windows Firewall: Allow inbound Remote Desktop exceptions | Computer |
| Windows Firewall: Allow inbound UPnP framework exceptions | Computer |
| Windows Firewall: Allow local port exceptions | Computer |
| Windows Firewall: Allow local program exceptions | Computer |
| Windows Firewall: Allow logging | Computer |
| Windows Firewall: Define inbound port exceptions | Computer |
| Windows Firewall: Define inbound program exceptions | Computer |
| Windows Firewall: Do not allow exceptions | Computer |
| Windows Firewall: Prohibit notifications | Computer |
| Windows Firewall: Prohibit unicast response to multicast or broadcast requests | Computer |
| Windows Firewall: Protect all network connections | Computer |
| Update Security Level | Computer |
| Update Top Level Domain Zones | Computer |
| Disable password strength validation for Peer Grouping | Computer |
| Communities | Computer |
| Permitted Managers | Computer |
| Traps for public community | Computer |
| Allow local activation security check exemptions | Computer |
| Define Activation Security Check exemptions | Computer |
| IP Security policy processing | Computer |
| Wired policy processing | Computer |
| Wireless policy processing | Computer |
| Define host name-to-Kerberos realm mappings | Computer |
| Define interoperable Kerberos V5 realm settings | Computer |
| Require strict KDC validation | Computer |
| Allow cryptography algorithms compatible with Windows NT 4.0 | Computer |
| Contact PDC on log-on failure | Computer |
| Expected dial-up delay on logon | Computer |
| Final DC Discovery Retry Setting for Background Callers | Computer |
| Initial DC Discovery Retry Setting for Background Callers | Computer |
| Log File Debug Output Level | Computer |
| Maximum DC Discovery Retry Interval Setting for Background Callers | Computer |
| Maximum Log File Size | Computer |
| Negative DC Discovery Cache Setting | Computer |
| Netlogon share compatibility | Computer |
| Positive Periodic DC Cache Refresh for Background Callers | Computer |
| Positive Periodic DC Cache Refresh for Non-Background Callers | Computer |
| Scavenge Interval | Computer |
| Site Name | Computer |
| Sysvol share compatibility | Computer |
| Automated Site Coverage by the DC Locator DNS SRV Records | Computer |
| DC Locator DNS records not registered by the DCs | Computer |
| Domain Controller Address Type Returned | Computer |
| Dynamic Registration of the DC Locator DNS Records | Computer |
| Force Rediscovery Interval | Computer |
| Location of the DCs hosting a domain with single label DNS name | Computer |
| Priority Set in the DC Locator DNS SRV Records | Computer |
| Refresh Interval of the DC Locator DNS Records | Computer |
| Sites Covered by the Application Directory Partition Locator DNS SRV Records | Computer |
| Sites Covered by the DC Locator DNS SRV Records | Computer |
| Sites Covered by the GC Locator DNS SRV Records | Computer |
| Try Next Closest Site | Computer |
| TTL Set in the DC Locator DNS Records | Computer |
| Weight Set in the DC Locator DNS SRV Records | Computer |
| Restrictions for Unauthenticated RPC clients | Computer |
| RPC Endpoint Mapper Client Authentication | Computer |
| RPC Troubleshooting State Information | Computer |
| Network Access Protection: Support XP 802.1x QEC | Computer |
| Always prompt for password upon connection | Computer |
| Do not allow local administrators to customize permissions | Computer |
| Require secure RPC communication | Computer |
| Require use of specific security layer for remote (RDP) connections | Computer |
| Require user authentication using RDP 6.0 for remote connections | Computer |
| Server Authentication Certificate Template | Computer |
| Set client connection encryption level | Computer |
| Allow Basic authentication | Computer |
| Allow unencrypted traffic | Computer |
| Disallow Digest authentication | Computer |
| Disallow Kerberos authentication | Computer |
| Disallow Negotiate authentication | Computer |
| Trusted Hosts | Computer |
| Allow automatic configuration of listeners | Computer |
| Allow Basic authentication | Computer |
| Allow unencrypted traffic | Computer |
| Disallow Kerberos authentication | Computer |
| Disallow Negotiate authentication | Computer |
| Allow Remote Shell Access | Computer |
| MaxConcurrentUsers | Computer |
| Specify idle Timeout | Computer |
| Specify maximum amount of memory in MB per Shell | Computer |
| Specify maximum number of processes per Shell | Computer |
| Specify maximum number of remote shells per user | Computer |
| Specify Shell Timeout | Computer |
| Maximum lifetime for service ticket | Computer |
| Maximum lifetime for user ticket | Computer |
| Maximum lifetime for user ticket renewal | Computer |
| Maximum tolerance for computer clock synchronization | Computer |
| DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax | Computer |
| DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax | Computer |
| Domain controller: LDAP server signing requirements | Computer |
| Domain member: Digitally encrypt or sign secure channel data (always) | Computer |
| Domain member: Digitally encrypt secure channel data (when possible) | Computer |
| Domain member: Digitally sign secure channel data (when possible) | Computer |
| Domain member: Disable machine account password changes | Computer |
| Domain member: Require strong (Windows 2000 or later) session key | Computer |
| Microsoft network client: Digitally sign communications (always) | Computer |
| Microsoft network client: Digitally sign communications (if server agrees) | Computer |
| Microsoft network client: Send unencrypted password to third-party SMB servers | Computer |
| Microsoft network server: Amount of idle time required before suspending session | Computer |
| Microsoft network server: Digitally sign communications (always) | Computer |
| Microsoft network server: Digitally sign communications (if client agrees) | Computer |
| Microsoft network server: Disconnect clients when log-on hours expire | Computer |
| Network access: Allow anonymous SID/Name translation | Computer |
| Network access: Do not allow anonymous enumeration of SAM accounts | Computer |
| Network access: Do not allow anonymous enumeration of SAM accounts and shares | Computer |
| Network access: Do not allow storage of credentials or .NET Passports for network authentication | Computer |
| Network access: Let Everyone permissions apply to anonymous users | Computer |
| Network access: Named Pipes that can be accessed anonymously | Computer |
| Network access: Remotely accessible registry paths | Computer |
| Network access: Remotely accessible registry paths | Computer |
| Network access: Remotely accessible registry paths and subpaths | Computer |
| Network access: Restrict anonymous access to Named Pipes and Shares | Computer |
| Network access: Shares that can be accessed anonymously | Computer |
| Network access: Sharing and security model for local accounts | Computer |
| Network security: Do not store LAN Manager hash value on next password change | Computer |
| Network security: Force logoff when log-on hours expire | Computer |
| Network security: LAN Manager authentication level | Computer |
| Network security: LDAP client signing requirements | Computer |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | Computer |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | Computer |
| Registry | Computer |
| Data Sources | Computer |
| Services | Computer |

More Info

Table 6 summarizes the majority of the network security settings that can be configured in a GPO. The policy name is listed in the table. If you are having trouble finding the policy within the GPME, you can download and refer to the spreadsheet, WindowsServer GroupPolicySettings.xls, from the Microsoft Download Center at http://www.microsoft.com/Downloads/.

 