How to Extract IDs and Security Policy from Windows Servers when Conducting Security Assessment

Security Policy for Windows Server

One of the first areas to review is the security policy of your PC or server. If you take a closer look at PCs or servers that have been operating for a long time, you may find IDs that are not required. These IDs may have powerful access to your files, especially if they are in the administrator group.

Another area to check is the password policy set in the Windows Operating System, i.e. password is required, no expiration, minimum password length. IDs with weak passwords or without passwords are an open invitation for an intruder to hack into your computer systems.

Step 1 How to extract IDs and Security Policies from the Windows Server.
a) I use a neat free tool called Somarsoft ACL.
b) Install the tool and run the DumpSec program.
c) Extract the permissions of user, group, file system, registry, password policy and other information you find useful.

Step 2 Cross check the IDs with the Administrator
a) Once you have extracted this information, cross check with the administrator if all the IDs and password policy extracted from the tool are valid and necessary.
b) Delete or disable the unnecessary IDs and enforce the stronger password policy.
c) Further ensure that only IDs that are absolutely required are active and enforce a strong password policy using Windows Active Directory, e.g. complex alphanumeric password, 180 days password expiration. As for a PC, make sure the administrator password is changed and only known by yourself/office administrator.
d) Everyone else should use basic IDs.
e) Activate the password for the screen saver to lock the PC screen when there is no activity for, say, 10 minutes.
f) Educate all users on the importance of computer security.
g) One of the reminders I usually highlight is: do not share passwords and do not stick the password in front of the computer monitor for all to view. (I have observed "this sticking password on the monitor" quite a few times in my rounds of IT Auditing for corporates!)
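
The cross-check in Step 2 can be scripted once the IDs and the password policy have been exported. The following is an added example, not part of the original article and not DumpSec's own output: it assumes `net accounts` text and a `Get-LocalUser` CSV export in place of a DumpSec report, and every account name, the approved list and the sample data are constructed.

```python
import csv, io, re
# Constructed sample: `net accounts` output from an English-language Windows host.
NET_ACCOUNTS = """\
Maximum password age (days):                          Unlimited
Minimum password length:                              0
"""
# Constructed sample; assumed to come from:
#   Get-LocalUser | Select Name,Enabled,PasswordRequired,PasswordExpires | Export-Csv
USERS_CSV = """\
"Name","Enabled","PasswordRequired","PasswordExpires"
"Administrator","True","True",""
"jtan","True","True","1/5/2025 9:00:00 AM"
"temp_vendor","True","False",""
"Guest","False","False",""
"""
ADMINS = {"Administrator", "temp_vendor"}  # constructed: local Administrators members
APPROVED = {"Administrator", "jtan"}       # constructed: IDs the administrator confirmed

def policy_findings(text, max_age_days=180):
    """Flag policy values weaker than the article's example (180-day expiration)."""
    vals = dict(re.findall(r"^(.+?):[ \t]+(\S+)[ \t]*\r?$", text, re.M))
    out = []
    age = vals.get("Maximum password age (days)", "Unlimited")
    if not age.isdigit() or int(age) > max_age_days:
        out.append(f"maximum password age is {age}, expected <= {max_age_days}")
    if vals.get("Minimum password length", "0") == "0":
        out.append("no minimum password length is set")
    return out

def account_findings(users_csv, admins, approved):
    """Cross-check every enabled ID against the administrator-approved list."""
    out = {}
    for row in csv.DictReader(io.StringIO(users_csv)):
        if row["Enabled"] != "True":
            continue  # disabled IDs cannot log on; review them separately
        name = row["Name"]
        checks = [
            (name not in approved, "not confirmed as required"),
            (name in admins and name not in approved, "unapproved member of Administrators"),
            (row["PasswordRequired"] != "True", "password not required"),
            (not row["PasswordExpires"], "password never expires"),  # assumed: empty = no expiry
        ]
        issues = [msg for hit, msg in checks if hit]
        if issues:
            out[name] = issues
    return out

if __name__ == "__main__":
    print(policy_findings(NET_ACCOUNTS), account_findings(USERS_CSV, ADMINS, APPROVED))
```

IDs reported as "not confirmed as required" are the candidates for Step 2 b); the remaining findings map to the password policy items in Step 2 c).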