Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
programming4us
Windows 7

Managing Security in Windows 7 : Security Policies (part 3) - System Services & Removable Storage Access Policy

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
6/10/2011 5:15:40 PM

4. System Services

The Security Settings => System Services node can be used to enforce the startup mode and permissions for any service. Startup modes can be configured as Automatic, Manual, or Disabled through this node. The newer Automatic (Delayed Start) startup mode is not available through the System Services node.


The benefit of using the System Services node is that you can control the startup mode of services and which accounts can start services. For example, your organization may decide that they don't want most users to use the Encrypting File System (EFS).

Figure 10 shows how this can be modified. When Disabled is selected, the service will not be able to start.

Figure 10. Configuring the startup mode and permissions for a service

It's also possible to configure it to Manual and then configure permissions so that only users in specific groups can manipulate the service. If you click the Edit Security button, you can manipulate the permissions.

Exercise: Hardening Systems

Hardening a system means that you are making it more secure than the default installation. Although Windows 7 starts out more secure than previous operating systems, it can still be tweaked to make it even more secure for your organization.

Many organizations identify the services that aren't needed and take steps to disable them. If the service is disabled in the Default Domain Policy, it will be disabled for all systems in the domain.

By disabling unneeded services, you are reducing the attack surface of a system. If malware is programmed to attack a specific service, but the service is disabled, the malware cannot attack. Disabling unneeded services makes you less susceptible to possible attacks.


5. Removable Storage Access Policy

Removable storage devices such as USB flash drives represent a significant risk within a corporate environment. It's very easy for employees to transport malware unknowingly from their home computer to their work computer with flash drives. In addition, with a USB drive, users can easily copy a significant amount of data in a short period of time.

Because of the risks, many organizations restrict the use of USB flash drives and other removable media. You can use a Removable Storage Access policy to enforce this corporate policy.

Windows includes several Group Policy settings that can be configured to restrict the use of removable media. These settings are located in the Computer Configuration => Policies => Administrative Templates => System => Removable Storage Access node.

Figure 11 shows the Removal Storage Access node with the Removal Disks: Deny Read Access selection highlighted.

Notice that you can configure an access policy for different types of devices. You can also deny all access to any removable device with the All Removal Storage Classes: Deny All Access setting. Each of the individual removable devices has three access rights that can be denied:


Deny Execute Access

This prevents any executable files from running directly from the device. Many malware programs attempt to run as soon as the device is plugged in. This setting can be used to help prevent this common malware attack. Deny Execute Access is available only on Windows 7. It is not available on Windows Vista.


Deny Read Access

This prevents data from being read from the device. Deny Read Access is available on Windows Vista and Windows 7 computers.


Deny Write Access

This prevents data from being written to the device. Deny Write Access is available on Windows Vista and Windows 7 computers.

Figure 11. Removal Storage Access policy node

NOTE

WPD devices are listed in the Removable Storage Access policy. WPD is short for Windows Portable Devices. These can include media players, cell phones, and other small portable devices.

If any of these access rights are changed, they will not take effect until the system is restarted. The Time (In Seconds) To Force Reboot setting can be configured to force a system to reboot if any of these rights are changed.

Other -----------------
- Managing Security in Windows 7 : User Account Control
- Group Policy Settings (part 3) - Searching Group Policy
- Group Policy Settings (part 2) - Deploying an Application via Group Policy & AppLocker
- Group Policy Settings (part 1) - Managing User Profiles with Group Policy & Logon and Startup Scripts
- Group Policy and the GPMC (part 3) - Advanced Group Policy Settings
- Group Policy and the GPMC (part 2) - RSAT and the Group Policy Management Console
- Group Policy and the GPMC (part 1) - Enabling a GPO Setting & Applying Multiple GPOs
- Managing Windows 7 in a Domain : Anti-Malware Software
- Managing Windows 7 in a Domain : Understanding User Profiles (part 2)
- Managing Windows 7 in a Domain : Understanding User Profiles (part 1) - Standard Profiles & Roaming Profiles
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
Celebrity Style, Fashion Trends, Beauty and Makeup Tips.
 
programming4us
Natural Miscarriage
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Game Trailer