![]() ![]() The values prescribed in this section represent the minimum recommended level of auditing. Guidance is provided for establishing the recommended state using via GPO and auditpol.exe. ![]() However, in Server 2008 R2, GPOs exist for managing these items. Prior to Windows Server 2008 R2, these settings could only be established via the auditpol.exe utility. This section articulates the detailed audit policies introduced in Windows Vista and later. 1.2Īudit: Shut down system immediately if unable to log security auditsĪudit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings For the above reasons, this Benchmark does not prescribe specific values for legacy audit policies. ![]() Additionally, the "Force audit policy subcategory settings", which is recommended to be enabled, causes Windows to favor the audit subcategories over the legacy audit policies. Given this, it is recommended that Detailed Audit Policies in the subsequent section be leveraged in favor over the policies represented below. By enabling the legacy audit facilities outlined in this section, it is probable that the performance of the system may be reduced and that the security event log will realize high event volumes. ![]() Windows Server 2008 has detailed audit facilities that allow administrators to tune their audit policy with greater specificity. Maximum tolerance for computer clock synchronization Store passwords using reversible encryption Password must meet complexity requirements Baseline Security Settings Account Policies 1.1Ģ4 remembered not required to set for local accounts Other recommendations were taken from the Windows Security Guide, and the Threats and Counter Measures Guide developed by Microsoft. This hardening standard, in part, is taken from the guidance of the Center for Internet Security and is the result of a consensus baseline of security guidance from several government and commercial bodies. This standard was written to provide a minimum standard for the baseline of Window Server Security and to help Administrators avoid some of the common configuration flaws that could leave systems more exposed. Security is complex and constantly changing. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |