Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Windows 7 security primer, part one

Roger Grimes | Jan. 12, 2010
This is the first of a three-part series of explanations and recommendations about key security improvements in Windows 7.

When a VSA controls a service, the service accesses the network with the computer's identity (in a domain environment), which is much like what the built-in LocalSystem and Network Service accounts do, except that VSAs allow each service to have its own separate security domain (and subsequent isolation).

Creating a Virtual Service Account is pretty easy. Open the Services console (services.msc) and modify the service's logon account name to be the same as the service's short name, such as ex. NT SERVICE\ServiceName$. Then restart the service. That's it.

Recommendation: When the infrastructure can support it, consider using Managed and Virtual Service Accounts functionality to manage service account password security.

That wraps up part one of my three-part series on Windows 7 security. Part two will cover some of the more exciting features, such as XP Mode and AppLocker.


 

Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.