Using Policy Editor and Enforcing Password Security
You can restrict what users are allowed to do from the desktop and what they are allowed to configure using the Policy Editor (poledit). Also, system policies can be used to centrally configure network settings, such as the network client configuration options and the ability to install or configure File and Print Sharing services. Policies can be used to customize certain parts of the desktop, such as Network Neighborhood or the Programs folder.
As a consumer, you might be concerned about your children having access to certain programs and need to restrict what they can do on the computer. The Policy Editor does not come installed by default. You must install it by using Add/Remove Programs in the Control Panel. Under the Windows Setup tab, select Have Disk and install the Policy Editor located at ools eskit etadminpoledit on the Windows 98 CD-ROM. After you have installed the Policy Editor, select Start, Run and type poledit in the Run window to launch the Policy Editor. Then select File, Open Registry. You can then select Local Computer, as shown in Figure 10.14. This enables you to make settings for a standalone machine.
Figure 10.14. Using Poledit.
Navigating through the expandable tree, you can make policy settings by checking or unchecking the appropriate boxes, as shown in Figure 10.15.
Figure 10.15. Individual policy keys.
System policy settings can be used to enforce good security practices, such as the following:
Require Validation from Network for Windows Access— This specifies that a server validates each logon before access to Windows is allowed.
Minimum Windows Logon Password Length— This controls the minimum number of characters accepted for a Windows 95 logon password.
Require Alphanumeric Windows Logon Password— This forces a Windows 95 logon password to be a combination of numbers and letters.
Hide Share Passwords with Asterisks— This causes asterisks to replace characters that users type when accessing a shared resource.
Disable Passwords Control Panel— This prevents access to the Passwords option in Control Panel.
Hide Change Passwords Page— This hides the Properties dialog box in the Passwords option in the Control Panel.
Disable Password Caching— This prevents saving of passwords for share-level resources, applications, or NetWare passwords.
Disable Caching of Domain Password— This prevents the caching of the network password.
Install the Policy Editor to set these Registry settings. Using these settings further restricts access to your computer from intruders. These settings can also enforce better security practices by home users who share a computer.