The original URL for this blog post was:
http://blogs.msdn.com/b/jjameson/archive/2009/10/21/eliminate-mbsa-warnings-using-default-security-settings-policy.aspx
Since I no longer work for Microsoft, I have copied it here in case that blog ever goes away.
Microsoft has done a rather poor job of preserving functional links throughout the years, but you might still be able to view the original post in the Random Musings of Jeremy Jameson - Blog Archive.
Another Group Policy object that I use in the “Jameson Datacenter” (a.k.a. my home lab) is one that I created a couple of years ago in order to eliminate various warnings from the Microsoft Baseline Security Analyzer (MBSA).
To automatically change the default security settings in the “Jameson Datacenter”, I defined a Group Policy (named Default Security Settings Policy) with the following settings:
- Computer Configuration
  - Policies
    - Windows Settings
      - Security Settings
        - Account Policies
          - Password Policy
            - Maximum password age: 60 days
            - Minimum password age: 1 day
            - Minimum password length: 8 characters
        - Local Policies
          - Security Options
            - Network security: LAN Manager authentication level: Send NTLMv2 response only. Refuse LM & NTLM
        - System Services
          - TlntSvr
            - Startup Mode: Disabled
I don’t know about you, but I haven’t used Telnet in almost fifteen years – back when I used to work on Unix systems ;-)
This Group Policy is linked to the entire domain (i.e. corp.technologytoolbox.com).
Note that I still use the Default Domain Controllers Policy to configure the security settings on the domain controllers (and thus domain accounts). In other words, the settings noted above only affect local accounts (e.g. COLOSSUS\Administrator, not TECHTOOLBOX\jjameson).
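To confirm that the policy actually took effect on a member server, the settings listed above can be read back from the local computer. The following script is an added example, not part of the original post; the scratch file name and the `New-Check` helper are assumptions made for illustration, and it needs an elevated PowerShell prompt.

```powershell
# Added example: compare the local computer's effective settings with the
# values defined in the Default Security Settings Policy described above.

function New-Check($Setting, $Expected, $Actual) {   # hypothetical helper
    [pscustomobject]@{
        Setting  = $Setting
        Expected = ($Expected -join ' or ')
        Actual   = $Actual
        Pass     = (@($Expected) -contains $Actual)
    }
}

# 1. Password policy: export the local security policy and read the numeric
#    "Name = Value" lines (the password settings are in [System Access]).
$cfg = Join-Path $env:TEMP 'secpol-check.inf'        # scratch file (assumed name)
secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet
$policy = @{}
foreach ($line in Get-Content -Path $cfg) {
    if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
        $policy[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item -Path $cfg -ErrorAction SilentlyContinue

# 2. LAN Manager authentication level: "Send NTLMv2 response only.
#    Refuse LM & NTLM" is stored as LmCompatibilityLevel = 5.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
$lmLevel = if ($lsa) { $lsa.LmCompatibilityLevel } else { 'NotSet' }

# 3. Telnet service: either disabled or not installed at all is acceptable.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='TlntSvr'"
$telnet = if ($svc) { $svc.StartMode } else { 'NotInstalled' }

$results = @(
    New-Check 'Maximum password age (days)' 60 $policy['MaximumPasswordAge']
    New-Check 'Minimum password age (days)' 1  $policy['MinimumPasswordAge']
    New-Check 'Minimum password length'     8  $policy['MinimumPasswordLength']
    New-Check 'LmCompatibilityLevel'        5  $lmLevel
    New-Check 'TlntSvr startup mode' @('Disabled', 'NotInstalled') $telnet
)
$results | Format-Table -AutoSize
```

Any row with `Pass` set to `False` is a setting the GPO did not deliver to that computer; `gpresult /r` shows whether the policy was applied there at all.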