Use of Group Policy to help provide your network with a safe and secure computing environment.
Several of the more important options that you should be familiar with are as follows: Note: For more information on the policy settings in the Security Options subnode, refer to "Security Policy Settings Technical Overview" at "Security Options" at
These two snap-ins are not contained in any MMC console by default; to use them you must open a blank console (type mmc from the Run dialog box or the Search charm) and add them using the Add or Remove Snap-ins dialog box shown.
Microsoft continues to expand the available range of security policies, compared to those included with previous versions of Windows Server.
User rights are defined as a default set of capabilities assigned to built-in domain local groups that define what members of these groups can and cannot do on the network. You can manage these predefined user rights from the Computer Configuration\ Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment node in the Group Policy Management Editor. Note that each user rights Properties dialog box has an Explain tab, which provides additional information about what each user right involves.
Found here are audit policies, which enable you to track access to and use of resources on the network; user rights assignments, which determine which users and groups can perform various system-based activities; and security options, which include a long list of security-related policies.
User Right Assignment
We also take a look at policies that govern the use of User Account Control (UAC), which prompts users for administrative credentials before permitting potentially harmful actions such as installing software at the local computer.
The password complexity setting prevents users from employing simple, easy-to-guess passwords by enforcing the following requirements with respect to creating passwords: As with previous versions of Windows Server, domain controllers keep track of logon attempts.
By configuring Account Lockout Policy settings, you can control what happens when unauthorized access attempts occur.
Fine-grained password policies are particularly helpful in the following scenarios: Fine-grained password policies use an object class defined in the AD DS schema known as a Password Settings object (PSO).
The PSO holds attributes for the finegrained password and account lockout policy settings.