Setting User Rights Policies
Windows 7 has a long
list of policies associated with user rights. To see these policies,
launch the Local Security Settings snap-in (select Start, type secpol.msc, and press Enter) and select Security Settings, Local Policies, User Rights Assignment, as shown in Figure 2.
Figure 2. In the User Rights Assignment branch, use the policies to configure the rights assigned to users or groups.
Each policy is a
specific task or action, such as Back Up Files and Directories, Deny
Logon Locally, and Shut Down the System. For each task or action, the
Security Setting column shows the users and groups who can perform the
task or to whom the action applies. To change the setting, double-click
the policy. Click Add User or Group to add an object to the policy; or
delete an object from the policy by selecting it and clicking Remove.
Setting Account Lockout Policies
Last of all, Windows 7 has a few policies that determine when an account gets locked out,
which means the user is unable to log on. A lockout occurs when the
user fails to log on after a specified number of attempts. This is a
good security feature because it prevents an unauthorized user from
trying a number of different passwords.
To see these policies, launch the Local Security Settings snap-in (select Start, type secpol.msc, and press Enter) and select Security Settings, Local Policies, Account Lockout Policy, as shown in Figure 3.
Figure 3. In the Account Lockout Policy branch, use the policies to configure when an account gets locked out of the system.
There are three policies:
Account Lockout Duration—
This policy sets the amount of time, in minutes, that the user is
locked out. Note that, to change this policy, you must set the Account
Lockout Threshold (described next) to a nonzero number.
Account Lockout Threshold—
This policy sets the maximum number of logons the user can attempt
before being locked out. Note that after you change this to a nonzero
value, Windows 7 offers to set the other two policies to 30 minutes.
Reset Account Lockout Counter After—
This policy sets the amount of time, in minutes, after which the
counter that tracks the number of invalid logons is reset to zero.