Review security policies
Identify procedures for NT server environment
Display global log in accounts security parameters using Manager Utility
Forcibly disconnect remote users (forces users to log off system), review settings
Minimum password age in days
Maximum password age in days
Minimum password length
Password uniqueness (number of past passwords disallowed for future use)
Account lockout after x number of bad log on attempts
Account lockout - reset bad log on count after x number minutes
Account lockout duration - require administrator to unlock or automatically unlock after x number minutes
User must log on to change password - may allow or restrict users with expired passwords from logging on and changing password themselves or requiring an administrator to change password for them
Determine user log in identifying and authenticating process is properly configured
Determine users assigned to NT groups are consistent with job requirements and access needs
Determine Administrator and Guest accounts have passwords assigned to them
Determine Administrator account password is well controlled and used/known by only select personnel
Ensure significant system and application program and data resources are protected from unauthorized access and modifications
/Home/
Services/
Links/
Newsletter
Training/
Construction/
Risk/
CIA
/Peer Review
Audit Services Tel:615-790-9858 Fax: 209-797-7983 PO Box 681387, Franklin, TN 37068