Security Policy Settings Reference
Updated: October 18, 2012
Applies To: Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista
This reference of security settings provides information about how to implement and manage security policies, including setting options and security considerations. Applicable operating system versions are listed on each policy setting description.
This reference focuses on those settings that are considered security settings. This reference examines only the settings and features in the Windows operating systems that can help organizations secure their enterprises against malicious software threats. Management features and those security features that are not configurable by administrators are not described in this reference.
Each policy setting described contains referential content such as a detailed explanation of the settings, best practices, default settings, differences between operating system versions, policy management considerations, and security considerations that include a discussion of vulnerability, countermeasures, and potential impact of those countermeasures.
For each grouping of policies, an overview topic describes the general use and implementation of those policies and provides links to related topics.
The information that is provided within this reference should help you and members of your organization understand the implementation and countermeasures for security polices that are available in the named versions of the Windows operating system.
Contents of this guide
This guide consists of the following sections that contain descriptions of the settings that you should consider while planning the security policy for your organization.
This section discusses the settings that are applied at the domain level: password policies, account lockout policies, and Kerberos authentication protocol policies.
This section provides information about the security audit policy settings under Security Settings\Local Policies\Audit Policy that provide broad security audit capabilities for client computers and servers that cannot use advanced security audit policy settings.
This section provides guidance about how to configure the variety of settings specific to security on the local computer:
This section provides information about advanced security audit policy settings, which allow administrators to use audit policies to help monitor and enforce business rules.
This section provides information about the User Rights Assignment security policy settings that are available in the Windows operating system.
This reference for the IT professional provides information about the auditing settings available in the Windows operating system beginning with Windows Server 2003 and the audit events that they generate.
This guide focuses on the security settings available in Windows Server 2008 and Windows Vista that can help you address specific computer security risks in an enterprise environment.
This guide focuses on the security settings available in Windows Server 2008 R2 and Windows 7 that can help you address specific computer security risks in an enterprise environment.
This reference documents security policy settings in Windows Server 2003.
The Security Baselines are part of the Microsoft Security Compliance Manager available as a downloadable tool that can help you plan, deploy, and monitor the security baselines of computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, and Windows Vista.