From 8dc4561a5df0ffd98ddf4c375dc944c7fe1fa8f6 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 1 Aug 2017 14:44:29 -0700 Subject: [PATCH 1/4] revised Explain text --- .../accounts-administrator-account-status.md | 8 ++++---- .../security-policy-settings/security-options.md | 1 + .../shutdown-clear-virtual-memory-pagefile.md | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/windows/device-security/security-policy-settings/accounts-administrator-account-status.md b/windows/device-security/security-policy-settings/accounts-administrator-account-status.md index 5a3cde966e..9d0427bb2e 100644 --- a/windows/device-security/security-policy-settings/accounts-administrator-account-status.md +++ b/windows/device-security/security-policy-settings/accounts-administrator-account-status.md 
@@ -20,16 +20,14 @@ Describes the best practices, location, values, and security considerations for This security setting determines whether the local administrator account is enabled or disabled. -If you try to enable the administrator account after it has been disabled, and if the current administrator password does not meet the password requirements, you cannot enable the account. In this case, an alternative member of the Administrators group must reset the password on the administrator account. - -If you disable this policy setting, and one of the following conditions exists on the computer, the administrator account is not disabled. +The following conditions prevent disabling the administrator account, even if this security setting is disabled. 1. No other local administrator account exists 2. The administrator account is currently in use 3. All other local administrator accounts are: 1. Disabled 2. Listed in the [Deny log on locally](deny-log-on-locally.md) User Rights Assignment -If the current administrator password does not meet the password requirements, you will not be able to enable the administrator account again after it has been disabled. In this case, another member of the Administrators group must set the password on the administrator account. +If the administrator account is disabled, you cannot enable it if the password does not meet requirements. In this case, another member of the Administrators group must reset the password. ### Possible values - Enabled 
@@ -51,12 +49,14 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page. | Server type or GPO | Default value | +| - | - | | Default Domain Policy | Not defined | | Default Domain Controller Policy |Not defined | | Stand-Alone Server Default Settings | Enabled | | DC Effective Default Settings | Enabled | | Member Server Effective Default Settings | Enabled | | Client Computer Effective Default Settings | Disabled | +   ## Policy management diff --git a/windows/device-security/security-policy-settings/security-options.md b/windows/device-security/security-policy-settings/security-options.md index b4896738f7..dc499508d8 100644 --- a/windows/device-security/security-policy-settings/security-options.md +++ b/windows/device-security/security-policy-settings/security-options.md 
@@ -53,6 +53,7 @@ For info about setting security policies, see [Configure security policy setting | [Domain member: Maximum machine account password age](domain-member-maximum-machine-account-password-age.md) |Describes the best practices, location, values, and security considerations for the **Domain member: Maximum machine account password age** security policy setting.| |[Domain member: Require strong (Windows 2000 or later) session key](domain-member-require-strong-windows-2000-or-later-session-key.md)| Describes the best practices, location, values, and security considerations for the **Domain member: Require strong (Windows 2000 or later) session key** security policy setting. | | [Interactive logon: Display user information when the session is locked](interactive-logon-display-user-information-when-the-session-is-locked.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Display user information when the session is locked** security policy setting. 
| +| [Interactive logon: Don't display last signed-in](interactive-logon-do-not-display-last-user-name.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display last signed-in** security policy setting.| | [Interactive logon: Do not display last user name](interactive-logon-do-not-display-last-user-name.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not display last user name** security policy setting.| | [Interactive logon: Do not require CTRL+ALT+DEL](interactive-logon-do-not-require-ctrl-alt-del.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not require CTRL+ALT+DEL** security policy setting.| | [Interactive logon: Machine account lockout threshold](interactive-logon-machine-account-lockout-threshold.md) | Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Machine account lockout threshold** security policy setting.| diff --git a/windows/device-security/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md b/windows/device-security/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md index 348aa4eb2d..16ed671235 100644 --- a/windows/device-security/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md +++ b/windows/device-security/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md @@ -9,7 +9,7 @@ ms.pagetype: security author: brianlic-msft --- -# Shutdown: Clear virtual memory pagefile - security policy setting +# Shutdown: Clear virtual memory pagefile **Applies to** - Windows 10 From 1b3a212f2e3963ae9ba76654038e503a6e10b3b1 Mon Sep 17 00:00:00 2001 
From: Justin Hall Date: Tue, 1 Aug 2017 14:53:14 -0700 Subject: [PATCH 2/4] revised Explain text --- .../security-policy-settings/security-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/device-security/security-policy-settings/security-options.md b/windows/device-security/security-policy-settings/security-options.md index dc499508d8..ef8b7caae4 100644 --- a/windows/device-security/security-policy-settings/security-options.md +++ b/windows/device-security/security-policy-settings/security-options.md 
@@ -54,7 +54,7 @@ For info about setting security policies, see [Configure security policy setting |[Domain member: Require strong (Windows 2000 or later) session key](domain-member-require-strong-windows-2000-or-later-session-key.md)| Describes the best practices, location, values, and security considerations for the **Domain member: Require strong (Windows 2000 or later) session key** security policy setting. | | [Interactive logon: Display user information when the session is locked](interactive-logon-display-user-information-when-the-session-is-locked.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Display user information when the session is locked** security policy setting. | | [Interactive logon: Don't display last signed-in](interactive-logon-do-not-display-last-user-name.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display last signed-in** security policy setting.| -| [Interactive logon: Do not display last user name](interactive-logon-do-not-display-last-user-name.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not display last user name** security policy setting.| +| [Interactive logon: Don't dispplay username at sign-in](interactive-logon-dont-display-username-at-sign-in.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not display username at sign-in** security policy setting.| | [Interactive logon: Do not require CTRL+ALT+DEL](interactive-logon-do-not-require-ctrl-alt-del.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not require CTRL+ALT+DEL** security policy setting.| | [Interactive logon: Machine account lockout threshold](interactive-logon-machine-account-lockout-threshold.md) | Describes the best practices, location, values, 
management, and security considerations for the **Interactive logon: Machine account lockout threshold** security policy setting.| | [Interactive logon: Machine inactivity limit](interactive-logon-machine-inactivity-limit.md)| Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Machine inactivity limit** security policy setting.| From 87ea3ac48565101aaa029bae9ff7d9febf6c0a47 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 1 Aug 2017 14:54:34 -0700 Subject: [PATCH 3/4] typo --- .../security-policy-settings/security-options.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/device-security/security-policy-settings/security-options.md b/windows/device-security/security-policy-settings/security-options.md index ef8b7caae4..e8cba42ee3 100644 --- a/windows/device-security/security-policy-settings/security-options.md +++ b/windows/device-security/security-policy-settings/security-options.md 
@@ -54,7 +54,7 @@ For info about setting security policies, see [Configure security policy setting |[Domain member: Require strong (Windows 2000 or later) session key](domain-member-require-strong-windows-2000-or-later-session-key.md)| Describes the best practices, location, values, and security considerations for the **Domain member: Require strong (Windows 2000 or later) session key** security policy setting. | | [Interactive logon: Display user information when the session is locked](interactive-logon-display-user-information-when-the-session-is-locked.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Display user information when the session is locked** security policy setting. | | [Interactive logon: Don't display last signed-in](interactive-logon-do-not-display-last-user-name.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display last signed-in** security policy setting.| -| [Interactive logon: Don't dispplay username at sign-in](interactive-logon-dont-display-username-at-sign-in.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not display username at sign-in** security policy setting.| +| [Interactive logon: Don't display username at sign-in](interactive-logon-dont-display-username-at-sign-in.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not display username at sign-in** security policy setting.| | [Interactive logon: Do not require CTRL+ALT+DEL](interactive-logon-do-not-require-ctrl-alt-del.md)| Describes the best practices, location, values, and security considerations for the **Interactive logon: Do not require CTRL+ALT+DEL** security policy setting.| | [Interactive logon: Machine account lockout threshold](interactive-logon-machine-account-lockout-threshold.md) | Describes the best practices, 
location, values, management, and security considerations for the **Interactive logon: Machine account lockout threshold** security policy setting.| | [Interactive logon: Machine inactivity limit](interactive-logon-machine-inactivity-limit.md)| Describes the best practices, location, values, management, and security considerations for the **Interactive logon: Machine inactivity limit** security policy setting.| From 7c1cb73007e34b519fcfaaed7c1212fb5a92835b Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Tue, 1 Aug 2017 14:59:18 -0700 Subject: [PATCH 4/4] typo --- .../accounts-administrator-account-status.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/windows/device-security/security-policy-settings/accounts-administrator-account-status.md b/windows/device-security/security-policy-settings/accounts-administrator-account-status.md index 9d0427bb2e..ed67dc80c4 100644 --- a/windows/device-security/security-policy-settings/accounts-administrator-account-status.md +++ b/windows/device-security/security-policy-settings/accounts-administrator-account-status.md 
@@ -18,16 +18,17 @@ Describes the best practices, location, values, and security considerations for ## Reference -This security setting determines whether the local administrator account is enabled or disabled. +This security setting determines whether the local Administrator account is enabled or disabled. -The following conditions prevent disabling the administrator account, even if this security setting is disabled. -1. No other local administrator account exists -2. The administrator account is currently in use -3. All other local administrator accounts are: +The following conditions prevent disabling the Administrator account, even if this security setting is disabled. + +1. The administrator account is currently in use +2. The Administrators group has no other members +3. All other members of the Administrator group are: 1. Disabled 2. Listed in the [Deny log on locally](deny-log-on-locally.md) User Rights Assignment -If the administrator account is disabled, you cannot enable it if the password does not meet requirements. In this case, another member of the Administrators group must reset the password. +If the Administrator account is disabled, you cannot enable it if the password does not meet requirements. In this case, another member of the Administrators group must reset the password. ### Possible values - Enabled
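Review bot: in PATCH 1/4, first hunk of accounts-administrator-account-status.md, the new lead-in "The following conditions prevent disabling the administrator account, even if this security setting is disabled." drops the "one of the following conditions" wording of the sentence it replaces, so it no longer says whether a single condition is enough or all three must hold. Suggest "Any of the following conditions prevents ...". The same sentence uses "disabled" for both the account and the policy setting; "even if this policy setting is set to Disabled" would keep the two apart. In the rewritten closing paragraph, "the password does not meet requirements" loses the reference to the password requirements that both removed sentences had; consider "does not meet the password requirements".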
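Review bot: in PATCH 1/4, second hunk of accounts-administrator-account-status.md, the line added after the last table row (just before "## Policy management") appears to contain only whitespace rather than being empty. Use a truly empty line there so the table is closed without trailing whitespace. The added "| - | - |" separator row under the header is the right fix for the table rendering.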
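Review bot: in PATCH 1/4, the security-options.md hunk, the added row "Interactive logon: Don't display last signed-in" links to interactive-logon-do-not-display-last-user-name.md, the same target as the existing "Interactive logon: Do not display last user name" row directly below it. Two differently named settings now resolve to one topic, so a reader looking for either lands on a page titled for the other. Either point the new row at its own topic file or state in the commit message that the existing topic covers the renamed setting.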
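Review bot: in PATCH 2/4, the replaced row links to interactive-logon-dont-display-username-at-sign-in.md, but the diffstat of every patch in this series lists only existing files and none of them adds that topic, so confirm the target exists or include it here to avoid a broken link in the index. The link text also carries the typo "dispplay"; since PATCH 3/4 exists only to fix it, squash the two before merging. The subject line "revised Explain text" is shared with PATCH 1/4 and does not describe a table-of-contents change.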
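Review bot: in PATCH 3/4, the corrected row still names the setting two ways: the link text reads "Don't display username at sign-in" while the bold name in the description cell reads "Do not display username at sign-in". Use the exact policy name as it appears in the Group Policy editor in both places so that searching for the setting name finds the row.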
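Review bot: in PATCH 4/4, the rewritten list is inconsistent in the names it introduces: item 1 keeps the lowercase "The administrator account" while the surrounding sentences were changed to "Administrator account", and item 3 says "the Administrator group" where item 2 and the closing paragraph say "Administrators group". Suggest "The Administrator account is currently in use" and "All other members of the Administrators group are:". Item 3 still does not say whether its sub-items "Disabled" and "Listed in the Deny log on locally User Rights Assignment" are alternatives or must both apply; adding "either" or "or" would settle it. The change also reorders and rewords the conditions (local administrator accounts become members of the Administrators group), which is more than the subject "typo" suggests.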