Windows 7 has inbuilt features that users are encouraged to use in order to keep their systems secure. Nevertheless, third party security software such as anti-malware is still required and highly recommended. Some of these features include additional tasks which may require an advanced level of computer proficiency:
The machine account lockout threshold setting is a new security policy found only on Windows 8 and Windows Server 2012 machines. This new security setting determines the number of failed logon attempts by users before locking down the machine. A locked out machine can only be recovered by providing the BitLocker recovery key at the console. A BitLocker recovery key is a special key that you can create when you turn on BitLocker Drive Encryption for the first time on each drive that you encrypt.
A new policy setting on Windows 8 and Windows Server 2012 allows you to disable users from adding new Microsoft accounts on your computer.
Group Policy is a solid tool and is very stable. Microsoft has made constant improvements to it since Windows 2000. It allows for the configuration and deployment of pretty much anything in your Active Directory environment. From deploying software to setting the default printer, it works. But when it doesn’t, Microsoft has provided great guidelines and tools in order to troubleshoot.
Every environment has to deal with software upgrades. Sometimes, these upgrades can get messy. For example, we recently centralized on Adobe Photoshop Elements 11. We previously used a mixture of version 2, 4, and 6. Every site (22 in total) had software deployment security groups for each version. We needed a way to compare members between the new security groups (including nested groups) and the old groups.
The Group Policy ‘Turn on Enhanced Protected Mode’ for Microsoft’s Internet Explorer 10 allows you to enforce additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. In addition, IE 10 on Windows 8 also limits the locations Internet Explorer can read from in the registry and the file system when Enhanced Protected Mode is enabled.
For compliance or security reasons you may wish to remove from the logon screen the name of the last user who successfully logged on to a computer. You can achieve this by applying a Group Policy called Interactive logon: Do not display last user name.