HP Survivable Branch Communication zl Module powered by Microsoft Lync Planning and Design Guide 2011-02
2-42
Design Considerations
Planning Security
The remaining settings have a related registry path but are generally configured in this local
security policy: Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options.
In addition to the registry setting, the left column also displays the related parameter in this
policy.
HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateCDRoms
Policy setting:
Devices: Restrict CD-ROM access to locally logged-on user
only
Disabled
HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateDASD
Policy setting:
Devices: Allowed to format and eject removable media
Administrators and
Interactive Users (only
Administrators for the SBM)
HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateFloppies
Policy setting:
Devices: Restrict floppy access to locally logged-on user only
Disabled
HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\CachedLogonsCount
Policy setting:
Interactive logon: Number of previous logons to cache (in case
domain controller is not available)
2
HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\PasswordExpiryWarning
Policy setting:
Interactive logon: Prompt user to change password before
expiration
14 days
HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\ScRemoveOption
Policy setting:
Interactive logon: Smart card removal behavior
Lock Workstation
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies
\System\DontDisplayLastUserName
Policy setting:
Interactive logon: Do not display last user name
Enabled
Setting’s Registry Path or Policy Path Windows 7 USGCB
Recommended Setting