1/20Windows安全加固建议书2/20目录1配置标准...................................................................................................................................31.1组策略管理...................................................................................................................31.1.1组策略的重要性...............................................................................................31.1.2组策略的应用方式...........................................................................................31.1.3组策略的实施...................................................................................................41.2用户账号控制...............................................................................................................51.2.1密码策略...........................................................................................................51.2.2复杂性要求.......................................................................................................51.2.3账户锁定策略...................................................................................................51.2.4内置账户安全...................................................................................................61.3安全选项策略...............................................................................................................61.4注册表安全配置...........................................................................................................81.4.1针对网络攻击的安全考虑事项.......................................................................81.4.2禁用文件名的自动生成...................................................................................91.4.3禁用Lmhash创建..........................................................................................91.4.4配置NTLMSSP安全...................................................................................101.4.5禁用自动运行功能.........................................................................................101.5补丁管理.....................................................................................................................111.5.1确定修补程序当前版本状态.........................................................................111.5.2部署修补程序.................................................................................................111.6文件/目录控制............................................................................................................111.6.1目录保护.........................................................................................................111.6.2文件保护.........................................................................................................121.7系统审计日志.............................................................................................................161.8服务管理.....................................................................................................................171.8.1成员服务器.....................................................................................................171.8.2域控制器.........................................................................................................181.9其它配置安全....................................................................
