Create a corporate security baseline for Windows Vista

Sadly, there isn't a Windows feature that can analyze every aspect of a workstation's security, but you can analyze the most relevant portions of a workstation's local security policy. To do so, you would simply use a properly configured workstation to create a security baseline. You can then compare that baseline against other computers on your network to see if they are properly configured.

Creating a security baseline for Windows Vista

Whether you want to analyze a workstation to test for incorrect security settings, or you want to correct security settings that are known to be wrong, the first step in the process is to create a security baseline. A security baseline is essentially a template that specifies how to set the various Group Policy settings.

There are two primary methods of creating a security baseline template in Windows Vista. The first method involves defining the template based on settings taken from a machine that is known to be configured correctly. To do so, log in as an administrator and follow these steps:

• Click the Start button and then select All Programs | Accessories | Run.
• Enter the MMC command at the Run Prompt.
• Click Continue if prompted by Windows Defender.
• When the management console opens, select the Add / Remove Snap-In command from the File menu.
• Select Group Policy Object from the list of snap-ins, and click the Add button.
• When prompted, verify that the Local Computer Policy is selected and click Finish, followed by OK.
• Navigate through the console tree to Local Computer Policy | Computer Configuration | Windows Settings | Security Settings, as shown in Figure A below.
• Right click on the Security Settings container and select the Export Policy command from the resulting shortcut menu
• When prompted, enter a name for the policy and click the Save button.

Figure ...

To read more you must become a member of SearchEnterpriseDesktop.com

As an existing member of the TechTarget network please activate your SearchEnterpriseDesktop.com account 

By joining SearchEnterpriseDesktop.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Endpoint security management tools The right security tools for finding Windows desktop weaknesses Using BitLocker in Windows 7 20 days to a more secure enterprise How to get -- and keep -- user support with security MDOP for Windows 7 available now Microsoft's Online Desktop Manager caters to small IT shops Monitoring user activity with network analyzers Using third-party technologies with Microsoft's NAP Understanding Microsoft's NAP's internal and external components Microsoft's NAP can ensure security compliance Microsoft Windows Vista operating system Windows 7 launches, offers salvation from Vista An intro to Windows 7's Deployment Image Servicing and Management tool Guide to converting from Windows XP to Windows 7 Choosing the best way to install images Has Microsoft corrected Vista annoyances in Windows 7? Microsoft's August patches run the gamut Your questions answered: The Windows 7 upgrade quandary Windows Vista users get little pricing relief on Windows 7 Combining folder redirection with roaming profiles IPv6 protocol, Windows Vista features simplify peer ad-hoc networking Windows desktop security tips The right security tools for finding Windows desktop weaknesses Using BitLocker in Windows 7 20 days to a more secure enterprise Improvements to offline file synchronization in Windows 7 How to get -- and keep -- user support with security Structuring patch management in seven steps Underlying causes of inconsistent patch management Monitoring user activity with network analyzers Microsoft's Patch Tuesday brings a bumper crop of security fixes Using third-party technologies with Microsoft's NAP

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary system tray  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

A [IMAGE]
Navigate through the console tree to Local Computer Policy | Computer Configuration | Windows Settings | Security Settings

An alternate method

If you don't want to create a baseline based on an existing configuration, then there is another option. Windows Vista allows you to create a security baseline template from scratch. To do so, follow these steps:

• Click the Start button and then select All Programs | Accessories | Run.
• Enter the MMC command at the Run Prompt.
• Click Continue if prompted by Windows Defender.
• When the management console opens, select the Add / Remove Snap-In command from the File menu.
• Select the Security Templates option from the list of snap-ins and click Add, followed by OK.
• When the console opens, there should be a security templates folder shown beneath the Security Templates container. The actual name and path of this folder will vary depending on how you are logged in, but right click on the security template folder and select the New Template command from the resulting shortcut menu.
• When prompted, enter a name and a description for the template that you are creating.
• Click OK, and the new template will be placed beneath the security templates folder, as shown in Figure B below.
• Now, populate the various security settings in the same way that you would if you were creating a Group Policy. Figure C below shows what this process looks like.

Figure B [IMAGE]The new template appears beneath the security template folder.

Figure C [IMAGE]You can populate the new template in the same way that you would populate a Group Policy.

Now that I have shown you how to create a security baseline template, it's time to put the baseline template to use. In my next tip on creating a security baseline, I will show you how to use the template that you have created to analyze Windows Vista workstations on your network and how to use the template to adjust and amend security problems that you may encounter.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.