Domain Level: Hardening The Domain Infrastructure Password Policy - HP StorageWorks X5000 Technical Manual

Nas security: technical guide to nsa, c2, e3-fc2, and cc security compliancy

Hide thumbs Also See for StorageWorks X5000:

Release note (39 pages)

Limited warranty (76 pages)

Support manual (17 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

page of 156

/ 156
Contents
Table of Contents
Bookmarks

Table of Contents

Important: This policy should be imported into any additional domains in the organization. However,

it is not uncommon to find environments where the root domain password policy is much stricter than

any of the other domains. Care should also be taken to ensure that any other domains that will use

this same policy have the same business requirements. Because the password policy can only be set

at the domain level, there may be business or legal requirements that segment some users into a

separate domain simply to enforce the use of a stricter password policy on that group.

Once the domain policy has been downloaded successfully to each of the servers, an event in the

Application Event Log should appear specifying its completion in the form of the following Event ID

number:

Type: Information

Source ID: SceCli

Event ID: 1704

Description: Security policy in the Group policy objects has been applied successfully.

For more information, see Help and Support Center at

<http://go.microsoft.com/fwlink/events.asp>.

If the above message does not appear within a few minutes after applying the domain policy, rerun

the Gpupdate.exe command-line tool to apply the domain policy, and then restart the server to force

the domain policy download. By default, security settings are refreshed every 90 minutes on a

workstation or server and every 5 minutes on a domain controller.

For Windows 2000 Active Directory domains: Administrators should use the

/refreshpolicy

" command-line from the DOS prompt instead to force domain policy replication.

Group Policy security settings are applied at several different levels within the network organizational

hierarchy which have been broken down to the following three levels in the domain infrastructure:

• Domain Level-To address common security requirements, such as account and password policies

that must be enforced for all servers in the domain.

• Baseline Level-To address specific server security requirements that are common to all servers in the

domain infrastructure.

• Role Specific Level-To address security requirements for specific server roles. For example, the

security requirements for infrastructure servers differ from those for servers running HP NAS.

2.4 Domain Level: Hardening the Domain Infrastructure Password

Policy

The easiest and most important task in securing one's network environment at the domain level is by

implementing policies that force users to create complex passwords and requires them to change their

passwords on a regular basis. Administrators should apply the following password guidelines:

Avoid using words from a dictionary, common or clever misspellings of words, and foreign

•

words.

Avoid using incrementing passwords with a digit.

•

Avoid preceding or appending passwords with a number.

•

Avoid using passwords that others can easily guess.

•

Avoid using words from popular culture.

Avoid thinking of passwords as just full words.

•

secedit.exe

Table of Contents

This manual is also suitable for:

Nsa security compliancy C2 security compliancy E3-fc2 security compliancy Cc security compliancy

Domain Level: Hardening The Domain Infrastructure Password Policy - HP StorageWorks X5000 Technical Manual

Related Manuals for HP StorageWorks X5000

Related Content for HP StorageWorks X5000

This manual is also suitable for:

Table of Contents