Security Defaults

  • Thread starter Thread starter Carl gross
  • Start date Start date
C

Carl gross

I recently downloaded a program that told me what all my
security holes were. It recommended that I changes some
of the security settings in the Account Policies. As a
result I am getting locked out every few minutes (15 to be
exact). The default settings are "Undefined". If this is
the problem, how do I restore the Account Policy defaults.
 
What did you download? Microsoft Baseline Security Analyzer is a good program to use.
You have to very careful about doing security configuration unless you have some idea
exactly what the changes are supposed to accomplish and whether or not you interact
with other computers and their configuration and operating systems.

You did not say if you are on a domain or what, but you can go the appropriate
security policy - local for a non domain computer and domain for a domain computer
and change the account lockout threshold to zero or try razing it to at least ten.
The links below may be helpful. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222 -- how to set
security settings back to default defined levels.
http://www.microsoft.com/technet/Security/prodtech/win2000/win2khg/05sconfg.mspx --- read
here before implementing changes to understand what they do. W2K Security Hardening
Guide
 
Thank you for your response. It was very helpful,
especially the links. I loaded the SNSI program from
Sunbelt Software. It isn't the easiest to use.

I am on a domain. The changes I made were local to my
machine only. I knew what changes I made (and was really
careful not to make registry changes) but there were so
many I had forgotten to restore all of them.
-----Original Message-----
What did you download? Microsoft Baseline Security
Click to expand...
Analyzer is a good program to use.
You have to very careful about doing security
Click to expand...
configuration unless you have some idea
exactly what the changes are supposed to accomplish and whether or not you interact
with other computers and their configuration and operating systems.

You did not say if you are on a domain or what, but you can go the appropriate
security policy - local for a non domain computer and domain for a domain computer
and change the account lockout threshold to zero or try razing it to at least ten.
The links below may be helpful. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN- US;313222 -- how to set
security settings back to default defined levels.
http://www.microsoft.com/technet/Security/prodtech/win2000
Click to expand...
/win2khg/05sconfg.mspx --- read
 
I have not tried that program. Of course a total backup/Ghost is always a good idea
when making security changes. If you are using security templates it is pretty easy
to use Security Configuration and Analysis Tool to do an analysis first and then
manually create a rollback template, though it may not be practical to do that for
anything other than local and account policies. --- Steve
 
Back
Top