Best IT Blog

Windows Level Certification Checklist

Posted in Compliances, O S, Security by Guest on February 23rd, 2012

Windows policy information for Account Information

[ ] List Groups and Their Users

[ ] List Users and Their Groups

[ ] List Users and Their Rights

[ ] List Users With Admin Privilege

[ ] List Locked Out Accounts

[ ] List Disabled Accounts

[ ] List Expired Accounts


Windows policy information for Account Integrity

[x] Backup Files/Directories

[x] Change System Time

[x] Audit/Security Log

[x] Restore File/Directories

[x] Shut Down System

[x] Ownership Files/Objects

[x] Advanced User Rights

[ ] Full Name/Description

[x] Rename Admin Account

[x] Rename Guest Account

[x] Disallow Guest Account Logon

[x] Disallow Guest Network Access

[x] List Groups to Which the Guest Account Belongs

[x] List Non-Standard Priv Accts

[ ] List User Rights for Accounts

[ ] List Accounts Without Time Restrictions

[x] List Dormant Accounts

[ ] List Accounts Without Workstation Restrictions

[x] List Accounts That Never Expire

Windows policy information for Login Parameters

[x] Account Lockout Enabled

[x] Lockout Time

[x] Time Before Bad Logon Counter Is Reset

[x] Forcibly Disconnect Users When Logon Hours Expire

[x] Display Legal Notice During Logon

[ ] Hide Last User ID from Logon Dialog Box

[ ] Do Not Allow Shutdown from Logon Dialog Box

[x] Autologon Is Disabled

Windows policy information for Network Integrity

[x] List Trusted Domains

[ ] List Local Groups

[x] List Shared Directories

[x] List Shared Directories Giving Full Access to Everyone

[ ] List Shared Printers

[x] TCP/IP Security

[ ] Allocate Floppies Upon Login

[ ] Allocate CD-ROMs Upon Login

[x] RAS Disabled

[ ] RAS Require Callback Set by User on All Accounts

[ ] RAS Require Callback to Preset Number on All Accounts

[ ] RAS NetBIOS Gateway Disabled

[ ] RAS Encrypted Password

[ ] RAS Authentication Retries

[ ] RAS Authentication Time Limit

[ ] RAS NetBIOS Auditing

[ ] RAS Auditing

[ ] RAS Encrypted Data


Windows policy information for Password Strength

[x] Minimum Password Length 12 – administrator, 8 – user

[x] Accounts w/o Passwords

[x] Password = Username

[x] Password = Any Username

[ ] Password = Wordlist Word – English Large, ntcrack

[ ] Reverse Order

[ ] Double Occurrences

[ ] Plural Forms

[ ] Add Prefix

[ ] Add Suffix

[x] User Change Password

[x] Password Must Expire

[x] Maximum Password Age – Days until expiration [ 30 ]

[x] Minimum Password Age – Days until change is allowed [ 30 ]

[x] Password Uniqueness – Number of passwords to remember [ 4 ]


Windows policy information for System Auditing

[x] Security Events Success Auditing

      User and Group Management

      Security Policy Changes

      Restart, Shutdown, System

[x] Security Events Failure Auditing

      Logon and Logoff

      File and Object Access

      Use of User Rights

      User and Group Management

      Security Policy Changes

      Restart, Shutdown, System

[x] Security Events Do Not Overwrite Security Log

[ ] System Halts When Security Log Full

[x] Security Event Log Size

[ ] Days Until Security Events Are Overwritten – Days [ 30 ]

[ ] Audit Backup Rights Usage

