Utilising security policies in Windows

By now, we have learned a great deal on user, groups, file sharing, NTFS permission and data encryption on Windows OS.

There is two other topics we should know to stay on the top of the tech and to know ins and out of security features comes in with Windows. They are Security Policies and User account control. Let’s dive in.

Security policies

With the Security Policies, the whole set of rules for each group or users go beyond just NTFS permission that we have learned about. This is tier-god level security and bossy administrative rules you can implement to satisfy the company or business policies. For instance, you can set rules for when a particular group or user can log in to the system and not. This is just one example. Windows Security Policies come in with massive amount of presets that you can choose from. You can do this by just turning the Local Security Policy on.

There are ways you can go to these security policies utilities. One of the ways, is to navigate through Control Panel to Administrative tools and then to Local Security Policies. For the cool kids out there, simply press “Windows + R” shortcut key, bring up the command line and type secpol.msc and hit enter. You can also simply type Local security Policy in the search bar in the taskbar in Windows 10.

Note that this is one the most powerful tools of Windows. Simply understanding all of these policies can open a whole new door of careers out there.

Account policy

In the left side navigation bar of the Local Security policy box, you will find number of folders. For our purpose, we are going to keep it low to mid level. You will find that under the local policies folder, you have minimum three other sub folders. Inside these sub folders you will have tremendous presets that you can simply choose to put in action. For example, let’s force the users to not use same passwords over and over again and we let them store their password history. So that they can look at them and use a different password than any of the passwords in the passwords history.

To do this, go to Account Policy, double click on the ‘Enforce password security’ and set the value. Further explanation is very well presented by Microsoft right on the explain tab sitting next to local Security setting.

Let’s look at some of other presets from Password Policy under Account Policies. Right beneath the ‘Enforce Password History’ there is another useful preset says ‘Maximum password age’. This is to implement if you want to force to change the password for the users in any given days. By default Windows set it to 42 days. You can change it to any days you want. When the time period ends, Windows will force the user to change the password.

Right beneath the ‘Maximum Password age’ there is ‘Minimum Password age’. This is the opposite of Max password age. To say that a password must be used minimum the given amount of days before the user can change it.

With all of these presets, you can ensure a heavy security measurement for your company and the employees working their leaving the company data intact.