Best Practices for Security Settings
The following are the best practices for applying security settings:
Do not configure account policies for OUs that do not contain any computers because OUs that contain only users always receive account policy from the
domain.
When setting account policies in Active Directory, keep in mind that there can only be one domain account policy: the account policy applied at the root domain of a domain tree.
Event log size and log wrapping should be defined to match your organization’s business and security requirements. Consider implementing Event Log settings at the site, domain, or OU level to take advantage of Group Policy settings.
Track the system services used on a computer. For performance optimization, set unnecessary or unused services to start only by manual intervention.
If you choose to set the system service startup to Automatic, perform adequate testing to verify that the services can start without user intervention.
When security settings are imported to a GPO in Active Directory, they affect the local security settings of any computer accounts to which that GPO is applied. In either case, your user account rights might no longer apply if there is a local policy setting that overrides those privileges.
If you create a Restricted Groups policy for a group, groups and users not specified in that policy are removed from the group specified. In addition, the reverse membership configuration option ensures that each restricted 70-680 group is a member of only those groups specified. For these reasons, using Restricted Groups for security should be limited to primarily configuring membership of local groups on workstation or member servers.
Registry and File System
The Registry security area is used to configure security on registry keys. The File System security area is used to configure security for file system objects, including access control, audit, and ownership. You can edit the security properties of the registry key or file path: what user or group accounts have permission to read/write/delete/ execute, as well as inheritance settings, auditing, and ownership permission.
Wireless Network (IEEE 802.11) Policies
Wireless technology makes it possible for you to use various devices to access data from anywhere in the world. The Windows Server 2003 family provides support for 802.11 wireless networks. In the Windows Server 2003 Free A+ exam questions family, only Windows Server 2003, Standard Edition supports infrared networking.
Processing your request, Please wait....
