User Accounts & Security in Windows

Post on 12-Apr-2017

Category:

Engineering

USER ACCOUNTS & SECURITY

Subject: NMA

Presented By:

Abdul Rehman

USER ACCOUNTS

Each user account has a user name and (optionally) a password.

Two special accounts:

• Administrator: full rights over the entire computer.

• Guest: minimal access.

• The first approach to improving password security is to educate the users of your systems about the dangers of reusable passwords.

Password aging (or password expiration) is another method to improve password security:

• The aging process allows the system manager to enforce the practice of changing account passwords on a regular basis.

Other features present in some UNIX variants are incorrect password attempt counters and account inactivity timers.

• These can be employed to reduce the chances of success by an attacker guessing a user’s password or of an old unused account being exploited to gain access to a system.

• A password attempt counter records failed attempts to provide the system with a password. When a user attempts to log in, the number of failed password attempts is checked against a set limit.

In Windows 7, you have only local user accounts, which may or may not have a password. For example, you can easily set a blank password for any user account, even if that account is an administrator. The only exception to this rule is business networks, where domain policies force all user accounts to use a non-blank password.

In Windows 8.x, you have both local accounts and Microsoft accounts.

Microsoft accounts are obliged to use a non-blank password because a Microsoft account gives you access to Microsoft services. Using a blank password would mean exposing yourself to lots of problems. Local accounts in Windows 8.1, however, can use a blank password.

What to Keep in Mind When Creating Passwords, PINs and Picture Passwords:

• Do not use blank passwords, even on the desktop computers in your home.

• When creating a password, make it at least eight characters long, but ideally 12 or even 20 if possible. Make sure that it includes a random mix of upper and lowercase letters, numbers, and symbols. Ideally, it should not be related in any way to your name, username, or company name.

• Do not use the same password for more than one account.

• When creating a PIN, use four different digits to make things slightly harder to crack.

• When creating a picture password, pick a photo that has at least 10 “points of interest.”

Prohibit Account Sharing: A secure system lets you associate any audited event with a specific user identity. Therefore, you should never allow users to share accounts. Everyone seems to agree on this basic rule, but few actually follow it. The simple truth is that failing to follow this guideline completely undermines the Windows security model.

Remove or Disable Unused Accounts: A typical Windows installation has default accounts. Remove any of these accounts that you don't use. You can't delete the built-in Administrator and Guest accounts, so you need to take special care with them.

Security Provided by Server

To obtain the security of user authentication and authorization, create an individual user account for each user who will participate on your network by using Active Directory Users and Computers.

Each user account (including the Administrator and Guest account) can then be added to a group to control the rights and permissions assigned to the account.

Local Security Policy of Windows

Account Lockout Policy:

o Account Lockout Duration

o Account Lockout Threshold

o Reset Account Lockout Counter After
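
How the three lockout settings above interact with the password attempt counter described earlier can be seen in a small model. This is an added example, not part of the original slides and not Windows' own implementation; the class names, function names and sample logon events are constructed, and the model assumes the reset window is measured from the most recent failed attempt.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class LockoutPolicy:
    threshold: int        # failed attempts that trigger a lockout; 0 = never lock
    duration_min: int     # minutes the account stays locked; 0 = until an admin unlocks
    reset_after_min: int  # minutes after a failure before the counter returns to 0

class Account:
    def __init__(self, policy):
        self.policy = policy
        self.unlock()

    def unlock(self):
        # Clears the lock and the failed-attempt counter (administrator or timer).
        self.failed, self.last_failure, self.locked_at = 0, None, None

    def is_locked(self, now):
        if self.locked_at is None:
            return False
        held = timedelta(minutes=self.policy.duration_min)
        if self.policy.duration_min and now - self.locked_at >= held:
            self.unlock()   # lockout duration elapsed: automatic unlock
            return False
        return True         # still locked (duration 0 never expires by itself)

    def logon(self, now, password_ok):
        """Return 'locked', 'ok' or 'denied' for one logon attempt."""
        if self.is_locked(now):
            return "locked"  # even the correct password is refused
        if password_ok:
            self.failed, self.last_failure = 0, None
            return "ok"
        window = timedelta(minutes=self.policy.reset_after_min)
        if self.last_failure is not None and now - self.last_failure >= window:
            self.failed = 0  # reset window passed: counter starts over
        self.failed += 1
        self.last_failure = now
        if self.policy.threshold and self.failed >= self.policy.threshold:
            self.locked_at = now
        return "denied"

def replay(policy, events):
    # events: (minute_offset, password_ok) pairs; start time is constructed.
    acct, start = Account(policy), datetime(2017, 1, 1, 9, 0)
    return [acct.logon(start + timedelta(minutes=m), ok) for m, ok in events]

# Constructed samples: a burst of wrong passwords, and occasional typos.
POLICY = LockoutPolicy(threshold=3, duration_min=30, reset_after_min=15)
BURST = [(0, False), (1, False), (2, False), (3, True), (33, True)]
TYPOS = [(0, False), (20, False), (40, False), (41, True)]
```

Calling `replay(POLICY, BURST)` shows the account refusing the correct password while locked and accepting it once the duration has passed; `replay(POLICY, TYPOS)` shows why the reset setting keeps an occasional mistyped password from locking out a legitimate user.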

Thank You….